Advanced Configuration
SSL/TLS Certificate
HUMAN Callout Enforcer spawns a gRPC server to listen for incoming messages from Envoy. Because the gRPC server uses the HTTP/2 protocol, an SSL/TLS certificate must be present in the Docker container.
By default, the perimeterx/px-callout-enforcer Docker image has a self-signed certificate located in the /etc/cert folder.
We advise generating your own certificate (ideally signed by a CA) and mounting the certificate files into the /etc/cert/ folder.
Two certificate files are required:
- PEM EC private key (named server.key)
- PEM certificate (named server.crt)
To mount the certificate files into the /etc/cert folder, the following docker run parameters can be used:
docker run \
...
--mount type=bind,source="$(pwd)"/server.key,target=/etc/cert/server.key,readonly \
--mount type=bind,source="$(pwd)"/server.crt,target=/etc/cert/server.crt,readonly \
...
perimeterx/px-callout-enforcer:latest
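The following is an added example, not part of the HUMAN documentation: a pre-flight script that creates a PEM EC key and certificate named as required above, then checks that the key really is an EC key, that the certificate has not expired, and that the two belong together before they are mounted. The curve (prime256v1), the 365-day validity and the hostname are assumptions; the self-signed output is only suitable for testing, and a CA-signed certificate can be checked with the same check_pair function.

```shell
#!/bin/sh
# Added example (not vendor code). Assumptions: curve prime256v1, 365-day
# validity, placeholder hostname. Self-signed output is for testing only.

# gen_pair <dir> <hostname>: write <dir>/server.key and <dir>/server.crt
gen_pair() {
  dir=$1; host=$2
  # Run under umask 077 in a subshell so the private key is owner-only.
  ( umask 077
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/server.key"
  ) || return 1
  openssl req -new -x509 -key "$dir/server.key" -out "$dir/server.crt" \
    -days 365 -subj "/CN=$host" -addext "subjectAltName=DNS:$host"
}

# check_pair <dir>: returns 0 if the pair is usable, otherwise
#   1 = server.key is not a PEM EC private key
#   2 = server.crt is unreadable or already expired
#   3 = certificate does not belong to the private key
check_pair() {
  key=$1/server.key; crt=$1/server.crt
  openssl ec -in "$key" -noout 2>/dev/null ||
    { echo "not a PEM EC private key: $key" >&2; return 1; }
  openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
    { echo "certificate unreadable or expired: $crt" >&2; return 2; }
  # Compare digests of the public key derived from each file.
  kpub=$(openssl ec -in "$key" -pubout 2>/dev/null | openssl sha256)
  cpub=$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)
  [ "$kpub" = "$cpub" ] ||
    { echo "server.key and server.crt do not match" >&2; return 3; }
}

# Usage (hostname is a placeholder):
#   gen_pair "$(pwd)" enforcer.example.internal && check_pair "$(pwd)"
```

Because the key is written owner-only, the bind-mounted file is readable inside the container only if the container process runs with a UID that has read access to it.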
Logging
By default all logs are printed to stdout.
TBD
Debugging
Enforcer debug logging can be enabled by setting px_debug:
"px_debug": true
TBD