Configuration
QvaSoft Gateway uses two main configuration files:
appsettings.json-- Application settings (authentication, admin panel, CORS)ocelot.json-- Gateway routing configuration (routes, Swagger, aggregation)
appsettings.json
Kestrel (Ports & TLS)
{
"Kestrel": {
"Endpoints": {
"Http": { "Url": "http://*:4000" },
"Https": {
"Url": "https://*:4001",
"Certificate": {
"Path": "certificate.pfx",
"Password": "your-password"
}
}
}
}
}
AppSetting Section
The AppSetting section contains the core configuration:
{
"AppSetting": {
"AllowedCorsOrigins": [],
"AuthenticationProviders": [ ... ],
"AdminApi": { ... }
}
}
CORS
Configure allowed origins. Leave empty to allow all origins:
{
"AllowedCorsOrigins": ["https://yourdomain.com", "https://app.yourdomain.com"]
}
For production, always specify allowed origins explicitly. An empty array allows all origins.
Admin API
{
"AdminApi": {
"Enable": true,
"AppName": "My Gateway",
"PrimaryColor": "#03a9f4",
"LogoUrl": "https://example.com/logo.png"
}
}
| Field | Description |
|---|---|
Enable | Enable/disable the admin API and panel |
AppName | Display name shown in the admin panel |
PrimaryColor | Theme color for the admin panel UI |
LogoUrl | Custom logo URL for the admin panel |
The branding fields (AppName, PrimaryColor, and LogoUrl) are only applied when an Enterprise license is active. On the Community edition, the admin panel always displays the default branding regardless of the values configured here.
See the Pricing page for more details on available plans.
Admin authentication is handled internally with an auto-generated secret key that exists only in memory. No authentication configuration is needed in appsettings.json.
Database Connection
{
"ConnectionStrings": {
"DefaultConnection": "Data Source=identity.db"
}
}
The default SQLite database is created automatically on first startup.
ocelot.json
This file contains the gateway routing configuration. It's managed through the admin panel, but can also be edited manually.
Structure
{
"Routes": [],
"DynamicRoutes": [],
"Aggregates": [],
"SwaggerEndPoints": [],
"GlobalConfiguration": {
"BaseUrl": "http://localhost:4000",
"RequestIdKey": "RequestId"
}
}
See Routes for detailed route configuration.
Environment Variables
All configuration values can be overridden using environment variables with the __ separator:
# Override admin panel name
AppSetting__AdminApi__AppName=My Production Gateway
# Override database connection
ConnectionStrings__DefaultConnection="Data Source=/data/identity.db"
For production, use environment variables or a secret manager for sensitive values like certificate passwords.