Oracle® Fusion Middleware
Part 5. Troubleshoot your API Gateway installation
Sidebar
Prev
|
Next
Part 5. Troubleshoot your API Gateway installation
Contents
Configure API Gateway tracing
Overview
View API Gateway trace files
Set API Gateway trace levels
Configure API Gateway trace files
Run trace at DEBUG level
Run trace at DATA level
Integrate trace output with Apache log4J
Get help with API Gateway
Configure API Gateway logging and events
Overview
Configure audit logs per domain
Configure transaction logs per API Gateway
Configure transaction logs per filter
Configure access logs per path
Manage API Gateway events
API Gateway performance tuning
Overview
General performance tuning
Advanced performance tuning
Contents
Search
API Gateway administration
Introduction to API Gateway administration
Overview
API Gateway form factors
Who owns the API Gateway platform and how is it administered?
Operations team
Architecture team
Where do you deploy an API Gateway?
Where do you deploy API Gateway Analytics?
Secure the last mile
API Gateway administration lifecycle
Plan an API Gateway system
Overview
Policy development
Policy development guidelines
Example policy requirements
Traffic analysis
Traffic analysis guidelines
Load balancing and scalability
Load balancing guidelines
SSL termination
High Availability and failover
HA stand-by systems
HA and failover guidelines
Backup and recovery
Disaster recovery guidelines
Development staging and testing
Staging and testing guidelines
Hardening—secure the API Gateway
Hardening guidelines
Capacity planning example
Example required throughput
Example development process
How API Gateway interacts with existing infrastructure
Overview
Databases
Anti virus
Operations and management
Network firewalls
Advantages over traditional application firewalls
Firewall modes
Application servers
Enterprise Service Buses
Similarities between API Gateways and ESBs
Differences between API Gateways and ESBs
Directories and user stores
Simple inline user store deployment
API Gateway in DMZ—LDAP in LAN
Split deployment between DMZ and LAN
Access control
Public Key Infrastructure
Registries and repositories
Software Configuration Managment
Manage an API Gateway domain
Configure an API Gateway domain
Overview
Managedomain script
Register a host in a domain
Create an API Gateway instance
Test the health of an API Gateway instance
Manage domain topology in API Gateway Manager
Overview
Manage API Gateway groups
Create an API Gateway group
Delete an API Gateway group
Lock an API Gateway group
Manage API Gateway instances
Create API Gateway instances
Delete API Gateway instances
Start API Gateway instances
Stop API Gateway instances
Edit API Gateway tags
Deploy API Gateway configuration
Deploy a deployment package
Deploy policy and environment packages
Managedomain command reference
Overview
Host Management
API Gateway Management
Group Management
Topology Management
Deployment
Domain SSL certificates
Further details
Secure an API Gateway domain
Overview
How SSL certificates are signed in a domain
API Gateway as an external CA
Add the first Admin Node Manager to the domain
Sign with system-generated domain key
Sign with user-provided domain key
Sign with external CA
API Gateway as an external CA
Additional signing options
Add a Node Manager to the domain
Sign with system-generated domain key
Sign with user-provided domain key
Sign with external CA
Additional signing options
Add an API Gateway instance to the domain
Sign with system-generated domain key
Sign with user-provided domain key
Sign with external CA
Additional signing options
Change the admin capabilities of a Node Manager
Sign with system-generated domain key
Sign with user-provided domain key
Sign with external CA
Additional signing options
Change the domain SSL certificate
Sign with system-generated domain CA key
Sign with user-generated domain CA key
Sign with external CA
Reset the passphrase for the domain SSL private key
Change the domain SSL certificate expiry date
Further information
Admin Node Manager backup and disaster recovery
Create a backup Admin Node Manager for signing certificates
Set up an Admin Node Manager for signing certificates from a backup .p12
SSL private key and certificate locations
Domain private key and certificate location
Node Manager private key and certificate location
API Gateway private key and certificate location
Manage the API Gateway
Start and stop the API Gateway
Overview
Set passphrases
Start the Node Manager
Start the API Gateway instance
Startup options
Connect to the API Gateway in Policy Studio
Stop the API Gateway instance
Stop the Node Manager
Start the API Gateway tools
Overview
Before you begin
Launch API Gateway Manager
Start Policy Studio
Configure an API Gateway encryption passphrase
Overview
Configure the passphrase in Policy Studio
Enter the passphrase when you connect in Policy Studio
Enter the passphrase in a file or on startup
Promotion between environments
Run API Gateway as non-root on UNIX/Linux
Overview
Linux capabilities
Before you begin
Modify API Gateway file ownership
SSL accelerators for HSM
Set the CAP_NET_BIND capability on vshell
Install the libcap2 package if required
API Gateway appliance version 7.1.0 or later
Add API Gateway library locations
Create the ld.so.conf file
Run ldconfig
Modify the init.d script to use sudo
Modify the jvm.xml file
Restart the API Gateway
Run API Gateway as non-root on Solaris
Configure API Gateway high availability
Overview
HA in production environments
Load Balancing
Java Message System
File Transfer Protocol
Remote Hosts
Distributed caching
External Connections
Embedded Apache ActiveMQ
Embedded Apache Cassandra database
Configure a seed node
Configure subsequent nodes
View embedded Cassandra configuration
View hidden KPS configuration in Policy Studio
Set the replication factor
Configure API Gateway group-wide HA
Configure Java Management Extensions
Cassandra housekeeping tasks
Manage certificates and keys
Overview
View certificates and private keys
Configure an X.509 certificate
Create a certificate
Import certificates
Bind to a certificate at runtime
Configure a private key
Global options
Manage certificates and keystores
Export certificates to a keystore
Configure key pairs
Add a key pair
Manage OpenSSH keys
Configure PGP key pairs
Add a PGP key pair
Manage PGP keys
Manage API Gateway settings
Overview
General settings
Cache
MIME/DIME
Namespaces
HTTP session
Logging settings
Transaction Log
Access Log
Messaging settings
Monitoring settings
Metrics
Traffic Monitor
Security settings
Security Service Module
Kerberos
Tivoli
Deploy API Gateway configuration
Manage API Gateway deployments
Overview
Connect to a server in Policy Studio
Edit a server configuration in Policy Studio
Manage deployments in API Gateway Manager
Compare and merge configurations in Policy Studio
Manage Admin users in API Gateway Manager
Configure policies in Policy Studio
Deploy API Gateway configuration
Overview
Create a package in Policy Studio
Configure package properties in Policy Studio
Deploy packages in Policy Studio
Deploy a factory configuration in Policy Studio
Deploy currently loaded configuration in Policy Studio
Push configuration to a group in Policy Studio
View deployment results in Policy Studio
Deploy on the command line
Deploy packages in API Gateway Manager
Troubleshoot your API Gateway installation
Configure API Gateway tracing
Overview
View API Gateway trace files
Set API Gateway trace levels
Configure API Gateway trace files
Run trace at DEBUG level
Run trace at DATA level
Integrate trace output with Apache log4J
Get help with API Gateway
Configure API Gateway logging and events
Overview
Configure audit logs per domain
View in API Gateway Manager
View the domain audit log file
Customize domain audit log output
Domain audit rule syntax
Configure transaction logs per API Gateway
Configure transaction logs per filter
Configure access logs per path
Manage API Gateway events
API Gateway performance tuning
Overview
General performance tuning
Minimize tracing
Disable real-time monitoring
Disable traffic monitoring
Disable transaction logging
Disable Access logging
Advanced performance tuning
Configure spill to disk
Configure database pooling
Configure HTTP keep alive
Configure chunked encoding
Single test client and sever
JVM memory
Number of client threads on Linux
Multiple connection filters
Manage user access
Manage API Gateway users
Overview
API Gateway users
Add API Gateway users
API Gateway user attributes
API Gateway user groups
Add API Gateway user groups
Update API Gateway users or groups
Manage Admin users
Overview
Admin user privileges
Admin user roles
Add a new Admin user
Remove an Admin user
Reset an Admin user password
Manage Admin user roles
Configure Role-Based Access Control (RBAC)
Overview
Local Admin User store
RBAC Access Control List
Configure RBAC users and roles
Management service roles and permissions
Active Directory for authentication and RBAC of management services
Overview
Step 1: create an Active Directory group
Step 2: create an Active Directory user
Step 3: create an LDAP connection
Step 4: create an LDAP repository
Step 5: create a test policy for LDAP authentication and RBAC
Step 6: use the LDAP policy to protect management services
Add an LDAP user with limited access to management services
OpenLDAP for authentication and RBAC of management services
Overview
Step 1: create an OpenLDAP group for RBAC roles
Step 2: add RBAC roles to the OpenLDAP RBAC group
Step 3: add users to the OpenLDAP RBAC group
Step 4: create an LDAP connection
Step 5: create an OpenLDAP repository
Step 6: create a test policy for LDAP authentication and RBAC
Step 7: use the OpenLDAP policy to protect management services
Manage ActiveMQ messaging
Manage embedded ActiveMQ messaging
Overview
Manage messaging queues
Manage messages in a queue
Create a new message
View message contents
Manage messaging topics
Manage messaging subscribers
Create a new subscriber
Manage messaging consumers
Monitoring and reporting
Monitor services in API Gateway Manager
Overview
Enable monitoring
View real-time monitoring
View message traffic
View message content
View performance statistics
Detect malformed messages
Monitor system data
Configure trace and log settings
Monitor and report on services with API Gateway Analytics
Configure the API Gateway for API Gateway Analytics
Overview
Connect to the API Gateway
Configure the database connection
Configure the database logging
Configure monitoring settings
Deploy to the API Gateway
Reporting with API Gateway Analytics
Overview
Launch API Gateway Analytics
System
API Services
Remote Hosts
Clients
Audit Trail
Reports
Custom reporting
Configure scheduled reports
Overview
Database configuration
Scheduled reports configuration
SMTP configuration
Purge the reports database
Overview
Run the dbpurger command
Example commands
Manage network-level settings
Configure a DNS service with wildcards for virtual hosting
Overview
DNS workflow
BIND DNS software
Configure a wildcard domain
Configure DNS options
Configure default zones
Configure logging
Configure a wildcard domain
Configure domain zone files
API Gateway settings reference
General settings
Overview
Settings
MIME/DIME settings
Overview
Configuration
Namespace settings
Overview
SOAP Namespace
Signature ID Attribute
WSSE Namespace
HTTP Session settings
Overview
Configuration
Transaction Log settings
Overview
Configure log output
Log to Text File
Log to XML File
Log to Database
Log to Local Syslog
Log to Remote Syslog
Log to System Console
Access Log settings
Overview
Log Format
Configure the Access Log
Embedded ActiveMQ settings
Overview
General messaging settings
SSL settings
Authentication settings
Traffic monitoring settings
Overview
Configuration
Real-time monitoring metrics
Overview
Configure metrics settings
Configure reports settings
Search
Search Highlighter (On/Off)