This section contains information on how to start and stop and configure your PCoIP Security Gateway.
To start, stop, or restart the PCoIP Security Gateway:
service security_gateway start|stop|restart
The configuration files for the PCoIP Security Gateway are located at /etc/SecurityGateway.conf
. To apply changes, restart the PCoIP Security Gateway first, then restart the PCoIP Connection Manager.
Parameter |
Default |
Description |
|||
---|---|---|---|---|---|
ExternalRoutableIP |
|
The externally routable IP address of the PCoIP Security Gateway. This is typically set to the static IP address assigned to the PCoIP Connection Manager. Do not set this to a loopback address. |
|||
LogLevel |
2 |
The minimum severity level of messages written to the log. Acceptable values in increasing order of severity are: 0 (TRACE), 1 (DEBUG), 2 (INFO), 3 (WARN), 4 (ERROR). Only messages that are at or above the configured LogLevel severity are logged. For information on log files, see PCoIP Connection Manager and Security Gateway Log Files. |
|||
LogPath |
$TMPDIR or /tmp |
Location of PCoIP Security Gateway log files. |
|||
5000 |
Maximum number of connections. ulimit -n on Linux needs to be set to slightly more than double this number. |
||||
SSLCertPath |
/opt/Teradici/certs |
Location of certificate files used by the PCoIP Security Gateway. |
|||
SSLCertType |
0 |
0 = Use an external certificate. If not configured, then generate and use a self-signed certificate. 1 = Use an external certificate. 2 = Generate and use a self-signed certificate. |
|||
SSLLinuxExtCA |
CMCertificateCA.pem |
SSLLinuxExtCert certificate chain file name. |
|||
SSLLinuxExtCert |
CMCertificate.pem |
File name of the public certificate (in base64-encoded PEM format) used to secure communication with PCoIP clients. |
|||
SSLLinuxExtCertPhrase |
|
Passphrase of the private key specified by SSLLinuxExtPriv. We strongly advise against encrypting the private key since doing so requires the pass phrase to be specified here in plain text. |
|||
SSLLinuxExtPriv |
CMCertificateKey.pem |
File name of the SSLLinuxExtCert certificate private key (in base64-encoded PEM format). |
|||
SSLCipherBlackList |
|
Lists the TLS cipher suites to be removed from the default list of cipher suites used for establishing a TLS connection to the PCoIP client, the PCoIP server, and the connection manager. The cipher suites are specified by their RFC names and are separated by a colon. See PCoIP Connection Manager Supported TLS Cipher Suites. For example, specifying the "TLS_RSA_WITH_AES_256_CBC_SHA: TLS_RSA_WITH_AES_128_CBC_SHA" string as the black list removes the specified two cipher suites. |
|||
TCPControlLinuxExtCA |
CMCertificateCA.pem |
TCPControlLinuxExtCert certificate chain file name. |
|||
CMCertificate.pem |
File name of the public certificate (in base64-encoded PEM format) used to secure communication with the PCoIP Connection Manager. |
||||
TCPControlLinuxExtCertPhrase |
|
Passphrase of the private key specified by TCPControlLinuxExtPriv. We strongly advise against encrypting the private key since doing so requires the passphrase to be specified here in plain text. |
|||
TCPControlLinuxExtPriv |
CMCertificateKey.pem |
File name of the TCPControlLinuxExtCert certificate private key (in base64-encoded PEM format).
|