Using App Gateways: FAQ
This topic provides information about using App Gateways.
App Gateway comes as an appliance, and as a Docker image containing Linux. You can't install App Gateway directly into your OS.
To run the App Gateway appliance you need to install a tool, for example, Oracle virtual box or VMWare(r) VSphere. To run the App Gateway Docker image you need to install Docker.
App Gateway is backward compatible and will be supported until Oracle communicates otherwise. We recommend that you use the latest version of the App Gateway. We don't back-port fixes to older versions.
You can download the latest version of app gateway from the Console. See Creating an App Gateway.
To upgrade the App Gateway docker image, you must stop the running container and then create the container with the latest image. You can reuse the existing wallet that you have created for the existing app gateway container. If you have changed files in the existing container, for example, nginx.conf
then you can copy files from the existing container and use it to create new container.
Using Docker, run pass files using the volume flag. For example:
--volume /opt/appgateway/cwallet.sso:/usr/local/nginx/conf/cwallet.sso
or
--volume /opt/appgateway/nginx.conf:/usr/local/nginx/conf/nginx.conf
You need to create a fresh environment with the latest App Gateway appliance. App Gateways are backward compatible so older versions of App Gateway work with the newer OCI IAM version. However, bugs fixes aren't back-ported to older versions. We recommend that always you use the latest version.
CLI /scratch/oracle/cloudgate/home/bin/cg-upgrade
starts the upgrade process for patches. This CLI only looks for available patches, for example, a security fix. It won't upgrade App Gateway to the latest version.
During the upgrade process App Gateway contacts the IAM identity domain to verify whether a patch for your App Gateway is available. If it is, then the process downloads the patch and applies the patch to your App Gateway server.
App Gateway sends headers in the request to the upstream app. The app reads the headers from the request and serves them back to the UI.
We don't recommend that you install any additional components within our certified Oracle VM Virtual Appliances (OVA). This is to ensure the stability of the offering and to ensure that the upgrades are safe. Oracle support cannot address issues arising from third-party components loaded to OVA.
Enter the App gateway URL, or the URL of the load balancer front ending the App Gateway.
It is the origin server configuration of the App Gateway when you add the enterprise application to the App Gateway.
To check whether App Gateway is up and running, use:
/cloudgate/v1/about
When the App Gateway is up, the output is RUNNING
.
Yes, you can assign multiple enterprise applications to the same App Gateway server. Register the applications with App Gateway using a different Resource Prefix for each application.
The load balancer must pass the header is_ssl with a value ssl.
App Gateway can be hosted on a different server. You must have connectivity between the AppGateway server and web application server.
App Gateway patches are typically released only for security fixes. Release cycles for newer versions is ad-hoc and customers are notified in the release notes or What's New section of the OCI documentation.
App Gateway connects to IAM on SSL port 443. Ensure that the machine where App Gateway is running can communicate to external services on this SSL port. For example, if App Gateway is running in OCI Compute, you might have to enable ports in the security list and at OS level.
No, it doesn't. If the connectivity to the internet is through a proxy, App Gateway can't work. App Gateway needs to access the internet to reach OCI IAM on cloud to access identity information. A direct connection from App Gateway to the internet is required.