On this page you can find some additional advanced settings that can be configured for API Management.
After having saved your changes, do not forget to restart the API Management containers to apply the changed configuration to your installation.
Settings for Gateway Certificate Management
As per default, we use Java truststore cacerts of the gateway container to encrypt the connection between the API Management gateway and the backend APIs. If you want to use a different truststore, you can configure this using the following settings in your docker configuration file .env:
Please uncomment all setting values in the certificate section - otherwise not all keystores will be set properly.
Setting
Description
Default Value
KEYSTORE_TRUSTSTORE_PATH
Specify the path to the certificates in the docker container.
Do not change this setting!
/usr/src/apiman/apiman-distro-vertx/certs/
GATEWAY_BACKEND_KEYSTORE
Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and the backend for unmanaged APIs.
apiman.jks
GATEWAY_BACKEND_TRUSTSTORE
apiman.jks
GATEWAY_CLIENT_KEYSTORE
Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and clients, e.g. a browser.
apiman.jks
GATEWAY_CLIENT_TRUSTSTORE
apiman.jks
GATEWAY_ES_KEYSTORE
Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and Elasticsearch.
apiman.jks
GATEWAY_ES_TRUSTSTORE
apiman.jks
GATEWAY_KEYCLOAK_KEYSTORE
Specify the keystore (name of the file in folder api-mgmt/configs) for connections between the gateway and Keycloak.
apiman.jks
GATEWAY_KEYCLOAK_TRUSTSTORE
apiman.jks
Security Settings
If you do not want to go with the default TLS protocols, you can define a dedicated set of TLS protocols in your docker configuration file .env:
Setting
Description
Default Value
TLS_ALLOWED_PROTOCOLS
Specify a set of allowed TLS protocols as a comma separated list.
TLSv1.1,TLSv1.2
This setting will only affect the main containers, as there are: keycloak, gateway and ui. The other containers are not affected.
If you want to change the value for one container only, this can be done in the docker-compose.yml. We do not recommend to change the compose files, though. If this file changes with an API Management update, you will have to merge your changes, or they will be gone.
Policy Settings
Setting
Description
Default Value
MAX_CACHE_SIZE_IN_MB
7.5.0 Define the maximum cache size to use for the Caching Resources policy per gateway in megabytes.