2020-04-07 18:55:19 +00:00
---
layout: docs
2022-09-13 20:58:57 +00:00
page_title: Built-in Proxy Configuration | Service Mesh
description: >-
2022-09-16 15:28:32 +00:00
Consul includes a built-in L4 proxy with limited capabilities to use for development and testing only. Use the built-in proxy config key reference to learn about the options you can configure.
2020-04-07 18:55:19 +00:00
---
2022-09-13 20:58:57 +00:00
# Built-in Proxy Configuration for Service Mesh
2020-04-07 18:55:19 +00:00
2021-05-10 20:37:16 +00:00
~> **Note:** The built-in proxy is not supported for production deployments. It does not
2023-05-05 17:41:40 +00:00
support many of Consul's service mesh features, and is not under active development.
2023-01-25 16:52:43 +00:00
The [Envoy proxy](/consul/docs/connect/proxies/envoy) should be used for production deployments.
2021-05-10 20:37:16 +00:00
2020-04-07 18:55:19 +00:00
Consul comes with a built-in L4 proxy for testing and development with Consul
2023-05-05 17:41:40 +00:00
service mesh.
2020-04-07 18:55:19 +00:00
## Proxy Config Key Reference
Below is a complete example of all the configuration options available
for the built-in proxy.
2021-07-31 01:37:33 +00:00
```json
2020-04-07 18:55:19 +00:00
{
"service": {
...
"connect": {
"proxy": {
"config": {
"bind_address": "0.0.0.0",
"bind_port": 20000,
"local_service_address": "127.0.0.1:1234",
"local_connect_timeout_ms": 1000,
"handshake_timeout_ms": 10000,
"upstreams": [...]
},
"upstreams": [
{
...
"config": {
"connect_timeout_ms": 1000
}
}
]
}
}
}
}
```
2021-07-02 16:18:46 +00:00
All fields are optional with a reasonable default.
2020-04-07 18:55:19 +00:00
2020-10-14 15:23:05 +00:00
- `bind_address` - The address the proxy will bind its
2020-04-07 18:55:19 +00:00
_public_ mTLS listener to. It defaults to the same address the agent binds to.
2020-10-14 15:23:05 +00:00
- `bind_port` - The port the proxy will bind its _public_
2022-03-15 23:13:58 +00:00
mTLS listener to. If not provided, the agent will assign a random port from its
2023-01-25 16:52:43 +00:00
configured proxy port range specified by [`sidecar_min_port`](/consul/docs/agent/config/config-files#sidecar_min_port)
and [`sidecar_max_port`](/consul/docs/agent/config/config-files#sidecar_max_port).
2020-04-07 18:55:19 +00:00
2020-07-02 16:39:50 +00:00
- `local_service_address`- The `[address]:port`
2020-04-07 18:55:19 +00:00
that the proxy should use to connect to the local application instance. By default
it assumes `127.0.0.1` as the address and takes the port from the service definition's
`port` field. Note that allowing the application to listen on any non-loopback
2023-05-05 17:41:40 +00:00
address may expose it externally and bypass the service mesh's access enforcement. It may
2020-04-07 18:55:19 +00:00
be useful though to allow non-standard loopback addresses or where an alternative
known-private IP is available for example when using internal networking between
containers.
2020-07-02 16:39:50 +00:00
- `local_connect_timeout_ms` - The number
2020-04-07 18:55:19 +00:00
of milliseconds the proxy will wait to establish a connection to the _local application_
before giving up. Defaults to `1000` or 1 second.
2020-07-02 16:39:50 +00:00
- `handshake_timeout_ms` - The number of milliseconds
2020-04-07 18:55:19 +00:00
the proxy will wait for _incoming_ mTLS connections to complete the TLS handshake.
Defaults to `10000` or 10 seconds.
2020-07-02 16:39:50 +00:00
- `upstreams`- **Deprecated** Upstreams are now specified
2020-04-07 18:55:19 +00:00
in the `connect.proxy` definition. Upstreams specified in the opaque config map
here will continue to work for compatibility but it's strongly recommended that
2023-09-06 23:55:18 +00:00
you move to using the higher level [upstream configuration](/consul/docs/connect/proxies/proxy-config-reference#upstream-configuration-reference).
2020-04-07 18:55:19 +00:00
## Proxy Upstream Config Key Reference
2021-07-02 16:18:46 +00:00
All fields are optional with a reasonable default.
2020-04-07 18:55:19 +00:00
2020-07-02 16:39:50 +00:00
- `connect_timeout_ms` - The number of milliseconds
2020-04-07 18:55:19 +00:00
the proxy will wait to establish a TLS connection to the discovered upstream instance
before giving up. Defaults to `10000` or 10 seconds.