Skip to main content

3.1 – Gateway

The gateway can be configured through the gateway.conf file. By default, this is located in the root installation directory of SparkView. All parameters and options are listed below.

The default gateway.conf file as shipped is shown at the bottom of the page.

Key Value
bindAddr Binding address, if you have multiple IP addresses and want to bind on one of them.

If you have IIS running on same machine, you must ensure that it is not bound to the IP address & Port you want to use for the SparkGateway. You must set the bindings in the IIS Manager. However, it may also be necessary to change the HTTP service which by default listens on port 80 for all IP addresses. To do this you can use “netsh http add iplisten ipaddress=xxx.xxx.xxx.xxx” to instruct the HTTP service to listen on IP addresses not used by the SparkGateway. Then you can use port 80 on the unused IP Addresses with the SparkGateway.
port Listening port, default is 80. You can let Gateway listen on 2 ports at the same time, e.g. port = 80, 443
ssl Use HTTPS and WSS (WebSocket Secure Connection), default is false. If gateway is listening on 2 port, the parameter can be configured as: ssl = false, true
credSSP Network Level Authentication, Value can be "true", "false" or "auto". Default is false. “true” will slow down the connection speed a little bit . It’s not necessary to use NLA if the gateway is connecting to internal RDP hosts only. It’s better to enable credSSP if you are using Microsoft RD Broker for load balancing. "auto" will connect without credSSP at the first time, reconnect with credSSP if the connection failed.
backlog How many connections can be queued, default is 50.
user Path of user configuration file (JSON format).
server Path of RDP hosts configuration file (JSON format).
html HTML root directory.
directoryIndex Default page for html directory, default is "rdp.html;index.html".
license Path of the license file.

If you copy the license file named "license" (note that there is no file extension) to the SparkView root directory, it is automatically detected.

If it is located elsewhere, please specify the full path of the license file including the file name, e.g.
license=C:\\Program Files\\Remote Spark\\SparkGateway\\licensefolder\\license.txt.
logfile Path of log file.
maxbytes Limit the maximum number of bytes to write to any one log file, default is 30M.
maxfiles Log file rotation, the number of log files to use, default is 99.
logHttpHeader If log http header, which may contains sensitive information. Default is true.
converter Postscript to PDF converter, used for printing. Ghostscript is recommended:
http://www.ghostscript.com/download/
Example: C:\\Program Files\\gs\\gs9.04\\bin\\gswin64c.exe
arguments Arguments for converter. %1 is output pdf file name. %2 is input ps file name, they'll be replaced by program.
Example: -dBATCH -dNOPAUSE -dUseCIEColor -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2
plugin Class name for your plug-in
pluginFile The full path of your plug-in jar file
password Password for reporting and management API
remoteManage Make configuration accessible from everywhere. Default is false.
mime Add extra mime types for web server: rdp:application/rdp;conf:text/plain
stderrLog Set false to disable logging to stdout/stderr
keepDays How many days the temporary files generated by system be kept, default is 1 day
disk The name for the shared disk, used for file uploading/downloading
webfeed RD Web Feed URL, for RD web access integration
recording Session recording, 0: no recording; 1: recording graphic only. 3: recording graphic and audio.
recdir Parent directory for session recording files.
recwarning Warn user about the recording, default is true
accessNotInList if logged in user can access computers which is not in their list (servers.json) or webfeed, default is false
printer Printer name, default is “Remote Printer from Client”. You can specify multiple printer names by using “;” as separator, e.g. “Printer1;Printer2”. The first one will always be the default printer.
printerDriver Printer driver name
shadowing Shadowing switch (if allow joining a session), default is true.
resetOnJoin Don't use seamless session shadowing.
nativeShadowing Allow native RDP session shadowing, default is false.
cipherSuites The cipher suites can be used by SSL encryption. You may want to use some good cipher suites only, for example:
SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
TLS_RSA_WITH_AES_256_CBC_SHA

You need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for AES 256 cipher suites.
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
webAddress HTTP server web address, used for OpenID login (redirection back). It’s also used on client side for getting real gateway address (client side may not know that if you are using multiple gateways for load balancing).
clientHost Customize the host name of the client user. Default is the host name or ip address. You can use following variables in the string:
${hostName}: Host name of the gateway machine.
${hostAddress}: Host address of the gateway machine.
${sequence}: a sequence number
${__ip}: client host name or IP.
${_PARAM_SESSION_ID}: Session GUID.
${_PARAM_NUMERIC_ID}: Session 9 digit number ID.
${any parameter transferred from client side} e.g. clientHost = RS-${__ip}-${sequence} , the result will be RSClientHostName-0, RS-ClientHostName-1, …
performanceflags Please check 3.4 RDP Host for more information. You may need this if you are connecting to a Terminal Server/Remote Desktop Session Host.
remotefx Enable RemoteFX video acceleration, default is false. RemoteFX is LAN and 32 bit only
gfx If enable GFX, default is false.
enableLookups Set to true if you want calls to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.
maxCacheTime How long (minutes) the session can be cached on gateway, default is 0 (RDP session cache on gateway is disabled by default).
idleUserSession User session idle timeout, in milliseconds
mail.smtp.host
mail.smtp.port
mail.user
mail.password
mail.from
mail.to
mail.smtp.auth
mail.smtp.starttls.enable
Email notification when license expire etc, following is for gamil:
smtp.gmail.com
587
support@toremote.com
xxxx
support@toremotec.om
xxx@toremote.com
true
true
You can use java -cp SparkGateway.jar com.toremote.gateway.Mailer title message to send a test email.
licenseAlert Float value, Email alert when license usage reached this number. If value < 1, it means percentage of your license number; If value > = 1, it means the actual concurrent license number.
thumbnail.interval Interval for obtaining thumbnails of RDP session, milliseconds, default is 0 (no thumbnail). Client will not send thumbnail to server if screen is not changed.
thumbnail.width Thumbnail width, it must be smaller than 640, default is 0 (no thumbnail)
copyTimeout Timeout for clipboard copy operation, milliseconds, default is 3000. You may need to increase this value if your application need to copy very big data.
savedSessionTimeout This is the maximum value (milliseconds) for saved session, default is 0, means user cannot save session on gateway.
confirmJoin Confirmation needed when a user try to join a session, default is false
keyStore Set up keystore or certificate name when ssl is true. For example keystore.jks or cert.pfx.

If you are using a certificate (i.e. cert.pfx), a password is required (see keyStorePassword).

If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore.
keyStorePassword Keystore or certificate password. If you are using a Java keystore (i.e. keystore.jks), the password of the keystore must match the one used for the certificate, which is integrated in the keystore.
passwordEncrypted Encrypt the keystore password and the reporting password, default is false. Please use following command to get encrypted password:
java -cp SparkGateway.jar com.toremote.gateway.Encryption MyPassword
assistance Enable Remote Assistance, default is false.
ssh Enable SSH, default is false.
ssh.cache Enable/disable SSH history cache for joined sessions, default is true.
telnet Enable TELNET, default is false.
gatewayId Used for email notification etc.
oauth2 Path of oauth2 providers file (JSON format)
disabledKeys Keys (scancode) will not be sent to server, e.g. 219,220 (left and right Windows key); 29+56+211,56+1 will disable Ctrl+Alt+Del and Alt+Esc
dataEncrypted If enable encryption on data files: servers.json, users.json, symlink.json.
webfeedCache If enable webfeed cache. false to disable it. Default is true. You'll need to restart the gateway after your webfeed content changed if it's true.
redirectToHttps Redirect http tranfic to https. Make sure gateway listen on both http and https
log.level The value can be an integer or SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST. Check https://docs.oracle.com/javase/8/docs/api/java/util/logging/Level.html for more details
connectif Create a new connection if you are joining symlink which doesn’t connect to any hosts.
randomIp Use a random ip if your host name has multiple ip address, default is false
authorization “Basic”: enable HTTP Basic Authentication, default is null.
headers Extra headers for HTTP response, For example: headers = Strict-TransportSecurity: max-age=31536000\r\nContent-Security-Policy: script-src 'self'\r\nXXSS-Protection: 1; mode=block\r\nX-Frame-Options: SAMEORIGIN\r\nX-ContentType-Options: nosniff\r\n
recFileSize Limit the size (in bytes) of recording file (auto rotation)
file.filter String. File type filter for the upload. Notation: ? excludes a file type, * allows all file types.
Example: Allow all files except .exe and .com:
file.filter=?exe,?com,*

SparkView recognizes the matches from the beginning, so * must be the last instance for the filter to work.
file.maxSize Integer in Bytes. Specify the maximum file size to be uploaded. Example:
file.maxSize=1000000
file.filter.download String. Specify which file formats may be downloaded. Example:
file.filter.download=pdf,doc,docx
file.maxSize.download Integer in Bytes. Specify the maximum file size to be downloaded. Example:
file.maxSize.download=1000000
keepPrinting Keep the printing results (PDF) on gateway, default is false.
timeoutWoL Time out (milliseconds) of Wake on LAN. This will enable WoL if the value is great that 0.
symlinkOnly Gateway will only accept aymlink connection if symlinkOnly is true
symlink Full path of the symlink definition file, including file name, e.g. C:\\Users\\foobar\\workspace\\data\\symlink.json
simpleFormatter Let gateway use SimpleFormatter which is slower but allow you to configure log format.
pingClient Ping client interval (ms). CND or proxy may not close the websocket correctly and leave session alive forever on the gateway. You can enable this to fix this kind of issue. This is enabled by default since 5.6.
sessionRecordParam You can enable session recording from the browser side (sessionRecord=on) if this is true. Default value is false.
userGroup Path of user group configuration file in JSON format.
serverGroup Path of server group configuration file in JSON format.
organization Customize the connection name for the 2FA app on the mobile device.
maxRequestBytes Determines the upper limit for the total size of the request line and the headers. Its default setting is 8KB
maxPrintTime Printing conversion timeout, default is 1200000 milliseconds (20 minutes)
httpCookie Use HTTP Cookie for file uploading to make it more secure. Default is true.
fileUnprompted Files can be download directly without asking user to confirm when user copy a file in RDP server. For example, if the value is “pdf,zip”, when user copy a PDF file, the gateway will prepare the downloading directly without ask use to confirm. Depends on copyFile = true.
deployment Enable deployment service. User can deploy, test applications with the deploy agent via SSH, SFTP.
preferInteractive Prefer keyboard-interactive method on SSH. Default is true.
Deprecated, please use ssh.preferInteractive instead.
ssh.preferInteractive Prefer keyboard-interactive method on SSH. Default is true.
fileService Enable SMB2, SFTP file proxy, so user can use file.html to upload/download files from SMB2 share or SFTP server. Disabled by default.
delSymlinkServer The related server definition will be deleted too if a symlink is deleted or expired. Default is false.
trustStore Trusted certificates for RDP or VNC server (when TLS encrypt is used, credSSP = true in gateway.conf).
trustStorePassword Password for trustStore
fileBlockSize File transferring block size, default is 524288 bytes(5M). Reduce this value can reduce the bandwidth usage but increase uploading time
keyDelay Delay between keys (milliseconds). Default is 0.
authToken.name The parameter name in the websocket URL.
authToken.exec A path of executable or URL. If gateway found the authToken.name parameter in the websocket url, it’ll execute the exe or HTTP Request. The connection can be only allow if the exe or HTTP Request Status Code is authToken.sucessCode.
authToken.sucessCode Integer.
twoFA 1: Enable two-factor authentication; 0: Disable (default); 2: Enforce
twoFAStore Two-factor authentication storage path. Default is installDir\data\store.data. Make sure you back up this file. It’s encrypted by default.
rec.timestampSubDir Enable/disable timestamp sub directory for recdir. Default is true.
rec.begin.exec Run an executable before the session is recorded. Arguments: fileName, server, user, sessionId.
rec.end.exec Run an executable after the session was recorded. Arguments: fileName, server, user, sessionId.
file.post Run an executable after a file was uploaded.
For example: file.post = C:\apps\scan.exe %1
%1 will be replaced by the file path of the uploaded file.
csv.file Log session information to CSV file. Columns: Id, Server, Client, IP, Browser, Time ,NumericId, User, Domain, Join, Protocol, Symlink, Port, Action (CONNECT/DISCONNECT/LOGIN).
csv.size Limit the maximum number of bytes to write the log file, default is 2G.
vnc.transferCredential,
ssh.transferCredential,
telnet.transferCredential
False by default, which disable SSO on VNC, SSH, TELNET connection when SSO is enabled in users.json (transferCredential = true).
app.id String, UUID is recommended. Can be used for load balancing. This unique id will be automatically generated if it's not set.
file.viewable Boolean, the "View" button on File Manager UI will be removed if it's false. Users then can only see the "Download" button.
license.limit Integer, restricts the concurrent session number for testing etc. This value must be smaller than the license number.
kerberos.realm String, enables authentication via Kerberos if set. Can be, for example, the DNS domain name in capital letters of an Active Directory.
http.proxy.enable Boolean, enable/disable connections through the HTTP proxy.
readOnly Boolean. Determines whether the configuration file (gateway.conf) can be changed via API or web config (config.html). Manual changes to the file itself are always possible. Default is false.

*Please always use absolute file path if you are running Gateway as a service.

Default gateway.conf file:

# Binding address, if you have multiple IP addresses and want bind to one of them, uncomment and change this line
#bindAddr = 192.168.8.4

# Listening port, default is 80 for http and 443 for https (ssl = true)
port = 8080

# Use https and wss (WebSocket Secure connection), better to use 443 as listening port when ssl is true
#ssl = true

# Network Level Authentication (CredSSP), "false" is default, always false in free version
credSSP = auto

# How many client connections can be queued, default is 50
#backlog = 50

# User definition file, default is ./data/users.json. Uncomment this line and add users in this file if you want user log in first before using any rdp host.
#user = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\users.json

# Server definition file, default is ./data/servers.json. Uncomment this line and add RDP hosts here.
#server = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\servers.json

# HTML root directory, default is ./html/. Printed file will be save in sub directory "temp", make sure application have access right on "temp" directory.
html = C:\\Program Files\\Remote Spark\\SparkGateway\\html\\

# Default page for html directory, default is "rdp.html;index.html";
#directoryIndex = rdp.html;index.html

# License file, default is ./license, it's only for paid version
#license = C:\\Program Files\\Remote Spark\\SparkGateway\\license

# Log file, default gateway.log
logfile = C:\\Program Files\\Remote Spark\\SparkGateway\\logs\\gateway.log

# Limit the maximum number of bytes to write to any one log file, default 30M
#maxbytes = 30720000

# Log file rotation, the number of log files to use, default 99
#maxfiles = 99

# Log http header, that may contains sensitive information like password. default is true.
#logHttpHeader = false

# Show warning and error messages to clients. Default is true
#showMessage = false

# Postscript to PDF converter, Ghostscript is recommended: http://www.ghostscript.com/download/
converter = C:\\Program Files\\gs\\gs9.14\\bin\\gswin64c.exe

# Arguments for converter. %1 is output pdf file name. %2 is input ps file name, they'll be replace by program
arguments = -dBATCH -dNOPAUSE -dPDFSETTINGS=/printer -sDEVICE=pdfwrite -q -sOutputFile=%1 %2

# Plugin = com.toremote.gateway.plugin.SimpleManager
#pluginFile = C:\\Program Files\\Remote Spark\\SparkGateway\\plugin.jar

# Password for configuration, reporting and management API.
#password = yourpassword

# Parent directory for temporary files: downloading/uploading etc
#tmpdir = C:\\apps\\share

# Session recording, 1: recording graphic only, 2 recording graphic and sound
#recording = 1

# Directory for session recording
#recdir = C:\\apps\\share

# Warn user about the recordig, default is true
recwarning = true

# RD Web Feed URL, for RD web access integration
#webfeed = https://192.168.0.50/RDWeb/feed/webfeed.aspx

# If logged in user can access computers which is not in their list (severs.json) or webfeed 
accessNotInList = true

# CipherSuites. You may want to only use some strong cipher suites for SSL. You may need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html)
#cipherSuites = SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA

# Printer driver you want to use
#printerDriver = HP LaserJet 4100 Series PCL

# HTTP server web address, used for OpenID login(redirection back). Also used on client side for getting real gateway address (client side may not know that if you are using multiple gateways for load balancing)
#webAddress = http://w-think

# Shadowing switch, default is true, if allow user join sessions
#shadowing = false

# Customize the host name of the client user
#clientHost = RS-${__ip}-${sequence}

# Performance flags for RD Web Access Portal integration only.
#performanceflags = 111

#remotefx = true

# Set to true if you want calls to perform DNS lookups in order to return the actual host name of the remote client. Set to false to skip the DNS lookup and return the IP address in String form instead (thereby improving performance). By default, DNS lookups are disabled.
#enableLookups = true

# How long (minutes) the session can be cached on gateway, default is 0 (RDP session cache on gateway is disabled by default).
#maxCacheTime = 10

# User session idle time out, in milliseconds
#idleUserSession = 3600000

# Email configuration. Test email with java -cp ..\SparkGateway.jar com.toremote.gateway.Mailer
#mail.smtp.host = smtp.gmail.com
#mail.smtp.port = 587
#mail.user = support@xxx.com
#mail.password = xxxx
#mail.from = support@yyy.om
#mail.to = xxx@xxx.com
#mail.smtp.auth = true
#mail.smtp.starttls.enable = true

#confirmJoin = true
#assistance = true
#ssh = true
#telnet = true

# Certificate for SSL, pfx (PKCS12) format is recommended, use keystore.jks if you prefer Java KeyStore
#keyStore=cert.pfx
#keyStore=keystore.jks
#keyStorePassword = password
#passwordEncrypted = true
#keyStorePassword = OOLZ+pOdZAa3QXanDDksAmMR4pdpVVD2SblIuXe2ztg=

#oauth2 = C:\\Program Files\\Remote Spark\\SparkGateway\\data\\oauth2.json

# Scancodes for disabling keys (219 left windows key, 220 right windows key)
#disabledKeys = 219,220

# Enabling copy files
copyFile = true

You can also use config.html to configure gateway.conf. Use your browser navigate to: http://localhost/config.html.
For security reason, this page can be only accessed from localhost.

sv_config.png