Victor Kazakov

Getting Started with the Gateway Container

Blog Post created by Victor Kazakov Employee on Jan 2, 2018

This year for the holidays we got a great gift, a new and much improved Gateway Container! (Well, at least I think it's a great gift) 


What is the Gateway Container?

The Gateway container is a Docker image of the CA API Gateway. The docker image containers just the Gateway process. For more details see the official documentation here: Using the Container Gateway - CA API Gateway - 9.3 - CA Technologies Documentation 



In order to run the Gateway Container on your local machine you need to have Docker installed.

You also need to have a valid license for the CA API Gateway.


Using the Gateway Container

One of the focuses on the updated Gateway Container was making it simple to use. You can start a gateway by running:

docker run -p 8080:8080 -p 8443:8443 -e ACCEPT_LICENSE=true -v /absolute/path/to/license.xml:/opt/SecureSpan/Gateway/node/default/etc/bootstrap/license/license.xml caapim/gateway:9.3.00

Some details on the command:

  • docker run
  • -p 8080:8080 -p 8443:8443
    • This exposes port 8080 and port 8443.
  • -e ACCEPT_LICENSE=true
  • -v /absolute/path/to/license.xml:/opt/SecureSpan/Gateway/node/default/etc/bootstrap/license/license.xml

    • This provides the license to the gateway. The path before the `:` is the absolute path to the license.xml file on your local machine. This path will be specified differently on windows vs unix operating systems. 
  • caapim/gateway:9.3.00
    • This is the image to run. The gateway container, specifically tagged with 9.3.00 (for version 9.3.00)


You will now have a fully running gateway. But what exactly is running? 

The Gateway that is running will have no services or endpoints available. There is also a randomized administrator username and password so you will not be able to access it via the Policy Manager. The next steps would be to expose some services in the Container Gateway, so let's see how you would do that.


Adding Services to the Container Gateway

Services are added to the Container Gateway by mounting restman bundles to bootstrap folders in the Container Gateway Image. For example, let's use the following bundle:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<l7:Bundle xmlns:l7="">
                <l7:Service id="f65f1da6c82e3f10aeb7fd633bf60ee2">
                    <l7:ServiceDetail folderId="0000000000000000ffffffffffffec76" id="f65f1da6c82e3f10aeb7fd633bf60ee2">
<l7:Property key="internal">
<l7:Property key="policyRevision">
<l7:Property key="soap">
<l7:Property key="tracingEnabled">
<l7:Property key="wssProcessingEnabled">
<l7:ResourceSet tag="policy">
<l7:Resource type="policy" version="1">&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
&lt;wsp:Policy xmlns:L7p=&quot;; xmlns:wsp=&quot;;&gt;
&lt;wsp:All wsp:Usage=&quot;Required&quot;&gt;
    &lt;L7p:Base64ResponseBody stringValue=&quot;SGVsbG8gZnJvbSBhIEdhdGV3YXkgQ29udGFpbmVy&quot;/&gt;
    &lt;L7p:ResponseContentType stringValue=&quot;text/plain; charset=UTF-8&quot;/&gt;
        <l7:Mapping action="NewOrExisting" srcId="0000000000000000ffffffffffffec76" type="FOLDER">
                <l7:Property key="FailOnNew">
        <l7:Mapping action="NewOrExisting" srcId="f65f1da6c82e3f10aeb7fd633bf60ee2" type="SERVICE"/>

The above bundle will create a service available at the `/hellocontainer` endpoint. In order to add this service to the Gateway save the bundle to a file and mount it as a volume in the container:

docker run -p 8080:8080 -p 8443:8443 -e ACCEPT_LICENSE=true -v /absolute/path/to/license.xml:/opt/SecureSpan/Gateway/node/default/etc/bootstrap/license/license.xml -v /absolute/path/to/hellocontainer.bundle:/opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle/hellocontainer.bundle caapim/gateway:9.3.00

Here we added another volume mount:

-v /absolute/path/to/hellocontainer.bundle:/opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle/hellocontainer.bundle

  • This provides the hellocontainer.bundle to the gateway. The path before the `:` is the absolute path to the hellocontainer.bundle file on your local machine. This path will be specified differently on windows vs unix operating systems. 

Once the Gateway has started you can open http://localhost:8080/hellocontainer and see the results of executing the service. (Note, in some cases docker may not be running on localhost. In that case run `docker-machine ip` to find the address of the docker container).


Next Steps

The next steps would be to explore the other available environment variables in the Container Gateway. In a subsequent blog post I will talk about how to use the Container Gateway in a development environment in order to create bundle files for bootstrapping in other Gateway Containers.


Best Practices

There are many other configuration parameters available however, with Gateway containers the best practices is to run containers in an ephemeral mode. This means not using external databases and not configuring the gateway using policy manager, GMU, or the RESTMAN api's. Container Gateways should be exclusively configured via the bootstrap folders.