Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Control plane/data plane forward proxy reference #486

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Control plane/data plane forward proxy reference #486

wants to merge 1 commit into from

Conversation

cloudjumpercat
Copy link
Contributor

@cloudjumpercat cloudjumpercat commented Feb 20, 2025
edited
Loading

Description

Fixes #456

Preview Links

https://deploy-preview-486--kongdeveloper.netlify.app/gateway/cp-dp-communication/

Notes for reviewers

  • Is this the best location for this? I thought of making this a standalone reference page, but I felt users would come searching for it on a wider reference page about cp/dp comms.
  • I opted for reference over how to because there isn't a great way to validate this and really they just need to know which parameters to set.

Checklist

  • Every page is page one.
  • Tested how-to docs. If not, note why here.
  • All pages contain metadata.
  • Updated sources.yaml. For more info, review track docs changes
  • Any new docs link to existing docs.
  • All autogenerated instructions render correctly (API, decK, Konnect, Kong Manager).
  • Style guide (capitalized gateway entities, placeholder URLs) implemented correctly.

@netlify Netlify
Copy link

netlify bot commented Feb 20, 2025
edited
Loading

Deploy Preview for kongdeveloper ready!

Name Link
🔨 Latest commit 70d0eb3
🔍 Latest deploy log https://app.netlify.com/sites/kongdeveloper/deploys/67b7a7b9ef61d4000854b1e5
😎 Deploy Preview https://deploy-preview-486--kongdeveloper.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@lena-larionova
Copy link
Contributor

Is this the best location for this? I thought of making this a standalone reference page, but I felt users would come searching for it on a wider reference page about cp/dp comms.
I opted for reference over how to because there isn't a great way to validate this and really they just need to know which parameters to set.

I like it. I agree, this is too random to stick into a page all on its own, and there's no reason to write a how to for a bunch of parameters.

lena-larionova
lena-larionova reviewed Feb 20, 2025
View reviewed changes
app/gateway/cp-dp-communication.md
Comment on lines +48 to +62
* `proxy_server`: Proxy server defined as a URL. {{site.base_gateway}} will
only use this option if any component is explicitly configured to use the proxy.

* `proxy_server_tls_verify`: Toggles server certificate verification if
`proxy_server` is in HTTPS. Set to `on` if using HTTPS (default), or `off` if
using HTTP.

* `cluster_use_proxy`: Tells the cluster to use HTTP CONNECT proxy support for
hybrid mode connections. If turned on, {{site.base_gateway}} will use the
URL defined in `proxy_server` to connect.

* `lua_ssl_trusted_certificate` (*Optional*): If using HTTPS, you can also
specify a custom certificate authority with `lua_ssl_trusted_certificate`. If
using the [system default CA](/gateway/{{page.release}}/reference/configuration/#lua_ssl_trusted_certificate),
you don't need to change this value.
Copy link
Contributor

@lena-larionova lena-larionova Feb 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's replace this with the config table type, like here: https://github.com/Kong/developer.konghq.com/blob/main/app/gateway/ssl-certificates.md?plain=1#L68

Suggested change
* `proxy_server`: Proxy server defined as a URL. {{site.base_gateway}} will
only use this option if any component is explicitly configured to use the proxy.
* `proxy_server_tls_verify`: Toggles server certificate verification if
`proxy_server` is in HTTPS. Set to `on` if using HTTPS (default), or `off` if
using HTTP.
* `cluster_use_proxy`: Tells the cluster to use HTTP CONNECT proxy support for
hybrid mode connections. If turned on, {{site.base_gateway}} will use the
URL defined in `proxy_server` to connect.
* `lua_ssl_trusted_certificate` (*Optional*): If using HTTPS, you can also
specify a custom certificate authority with `lua_ssl_trusted_certificate`. If
using the [system default CA](/gateway/{{page.release}}/reference/configuration/#lua_ssl_trusted_certificate),
you don't need to change this value.
<!--vale off-->
{% kong_config_table %}
config:
- name: proxy_server
- name: proxy_server_tls_verify
- name: cluster_use_proxy
- name: lua_ssl_trusted_certificate
{% endkong_config_table %}
<!--vale on-->

I believe each one also takes a custom description in case there's something in particular that we need to say that isn't in kong.conf, or if the kong.conf entry is too long.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lena-larionova lena-larionova lena-larionova left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

How-to: configure a forward proxy
2 participants
@cloudjumpercat @lena-larionova