Gateway Installation
This document will cover creating and installing a Gateway cluster. Before we begin, we require:
An available database host (Sql Server or Postgres if v17 or later)
A publicly available endpoint (gateway1.mycompany.com, for example)
A valid certificate for your above endpoint
The ability to configure your publicly-facing network appliance (either directly or via your networking team).
These steps are for installing a production ready Gateway cluster. If you simply want to evaluate your own local instance, a few of these steps can be skipped.
For this page, we’re going to use the public endpoint gateway1.conevity.com, which will resolve to the public IP of the Gateway firewall. Substitute the settings for your network in the following steps.
Step 1: Certificate Install
Before running the Gateway installer, you should have your 3rd-party purchased certificate installed within the Windows machine certificate store. The certificate must be installed on each Gateway host. For testing, you can get a free certificate from sites such as sslforfree.com.
Your certificate must have a private key (see https://stackoverflow.com/questions/6307886/how-to-create-pfx-file-from-certificate-and-private-key for information on combining into a pfx).
Step 2: Download & Run Gateway Installer
Download and run the Gateway installer on the Gateway host machine.
Once the installation is complete, the Configuration Wizard will be shown.
Use the Get Trial License button or contact Conevity (include your Hardware ID) for a trial license. Paste your License Key into the License Key text box and click Next.
On the Gateway Connection Parameters page, select the database type and enter the database engine host name in the Server Name field. Enter authentication information for an elevated user. This user will be used to perform elevated database operations only during install (create the database, tables, etc.).
Choose the account used to run the Gateway service. This should be an account with limited privileges (by default, a low privilege account will be created and used).
Choose the account used to access the database at run time. This should be a low privilege account which has DbReader and DbWriter credentials. By default, access will be granted to the default Gateway account.
Select the certificate installed in step 1 from the Certificate Friendly Name drop-down.
The Firewall FQDN should be the public DNS name that resolves to your gateway host. This is typically the same as your certificate, unless you’re using a wildcard certificate. Enter the public port to use for traffic (we recommend 443). You can optionally set the Registration and Internal ports, which are the private ports opened by the Gateway service.
On the Gateway Configuration Options page, you can optionally select:
Protocol:Net.TcporWebsockets. We recommendWebsockets.Administrators: Windows or Active Directory users and groups which will have administrator access to Gateway configuration.Gateway API: Enable the Gateway API (allows programmatic configuration).Metrics: Enable the Gateway metrics / telemetry.
Click Next to view the installation tasks page, and then click Next again to start executing the tasks.
When complete, you’ll see the installation successful message. Click Next to close the Configuration Wizard.
The Gateway Management UI will automatically be launched. If prompted, you can accept the certificate.
You will see an empty Gateway Management UI.
Step 3: Configure Network
This install assumes a simple network. Your networking appliance(s) will be different.
Before a Remote Integrator can connect to your Gateway, the public-facing firewall must be configured. We must add a route / NAT entry to route incoming traffic on public port 443 to private port 8085 on the Gateway host (or whichever ports you chose during the Configuration Wizard).
Step 4: Verify Network
As long as you’re using the Websocket protocol (selected in the Configuration Wizard), you can point a browser at https://your-gateway-address/gateway/ and you should get the following result.
If you have any local firewall service running (such as Windows Defender), you’ll also need to add an exception for the internal ports (typically ports 8085 and 8083), or, for the Gateway application itself (%programfiles%\Connexion.Gateway\Connexion.Gateway.exe).
Step 5: Add Required Packages
In order to keep installer size down, the Remote Integrator install package doesn’t include all dependencies. Specifically, it excludes the MongoDb database and Visual C++ Runtime files. Before connecting your first Remote Integrator, you should download and add these dependencies.
Open a browser to the MongoDb Packages page, and download the newest versions of both MongoDb and Visual C++ Runtime.
Open the Gateway Management UI and click to the Deploy Installer button in the top right. Click the Add button on the Deploy Installer Package dialog, and select the Visual C++ Runtime file you downloaded.
Close that dialog and click the Deploy Package button in the top right. Click the Add button on the Deploy Package Package dialog, and select the MongoDb package you downloaded.
Step 6: Create & Deploy Remote Integrator
You’re now ready to create and deploy your first Remote Integrator!
Step 7: Optionally Create a Cluster
To create a Gateway cluster, repeat steps 1 through 4 on a second Gateway host. When running the Configuration Wizard, you’ll select the same database used for the first Gateway instance.