Merge pull request #11608 from hashicorp/proxy-codeblocks

docs: updated proxy page to use new codeblock
mrspanishviking 2021-11-18 17:26:21 -08:00 committed by GitHub
commit 5c33003eb2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -32,20 +32,24 @@ The proxy must accept TLS connections on some port to accept inbound connections
Call the [`/v1/agent/connect/ca/leaf/`] API endpoint to obtain the client certificate, e.g.: Call the [`/v1/agent/connect/ca/leaf/`] API endpoint to obtain the client certificate, e.g.:
```shell-session <CodeBlockConfig language="shell-session">
curl http://<host-ip>:8500/v1/agent/connect/ca/leaf/<service-name>
```shell
$ curl http://<host-ip>:8500/v1/agent/connect/ca/leaf/<service-name>
``` ```
</CodeBlockConfig>
The client certificate from the inbound connection must be validated against the Connect CA root certificates. Call the [`/v1/agent/connect/ca/roots`] endpoint to obtain the root certificates from the Connect CA, e.g.: The client certificate from the inbound connection must be validated against the Connect CA root certificates. Call the [`/v1/agent/connect/ca/roots`] endpoint to obtain the root certificates from the Connect CA, e.g.:
```shell-session <CodeBlockConfig language="shell-session">
curl http://<host-ip>:8500/v1/agent/connect/ca/roots
```shell
$ curl http://<host-ip>:8500/v1/agent/connect/ca/roots
``` ```
</CodeBlockConfig>
### Authorizing the connection ### Authorizing the connection
After validating the client certificate from the caller, the proxy can authorize the entire connection (L4) or each request (L7). Depending upon the [protocol] of the proxied service, authorization is performed either on a per-connection (L4) or per-request (L7) basis. Authentication is based on "service identity" (TLS), and is implemented at the After validating the client certificate from the caller, the proxy can authorize the entire connection (L4) or each request (L7). Depending upon the [protocol] of the proxied service, authorization is performed either on a per-connection (L4) or per-request (L7) basis. Authentication is based on "service identity" (TLS), and is implemented at the
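Review bot: both curl examples in this hunk still call the agent over plain `http://<host-ip>:8500`, and the first one fetches the client certificate the proxy will present as its identity, so the rewritten blocks are a good place to show the agent's HTTPS address (or the local loopback agent) and to say which ACL token the request needs. Separately, the old fences were tagged `shell-session` while the new ones are tagged `shell` inside a wrapper that declares `language="shell-session"`; now that the commands carry a `$ ` prompt, keeping the two in agreement avoids the prompt being highlighted or copied as part of the command.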
@ -176,7 +180,7 @@ Alternatively, you may also use the flags `-token` or `-token-file` to provide t
<CodeBlockConfig language="shell-session"> <CodeBlockConfig language="shell-session">
```shell ```shell
consul connect envoy -sidecar-for "web" -token-file=/etc/consul.d/consul.token $ consul connect envoy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
``` ```
</CodeBlockConfig> </CodeBlockConfig>
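Review bot: the added `$ ` prompt on the `consul connect envoy` line sits inside a fence tagged `shell`, while the wrapper says `language="shell-session"`; pick one so the prompt is treated as a prompt and not as command text. Since this example points `-token-file` at `/etc/consul.d/consul.token`, a one-line note that the file should be readable only by the user running the proxy would also fit here.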
@ -184,7 +188,7 @@ Alternatively, you may also use the flags `-token` or `-token-file` to provide t
<CodeBlockConfig > <CodeBlockConfig >
```shell ```shell
$ consul connect proxy -sidecar-for "web" -token-file=/etc/consul.d/consul.token $ consul connect proxy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
``` ```
</CodeBlockConfig> </CodeBlockConfig>
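Review bot: the wrapper on the `consul connect proxy` example is `<CodeBlockConfig >` with no `language` attribute and a stray space, unlike the envoy block directly above it which has `language="shell-session"`; adding the same attribute here keeps the two sibling examples rendering identically. The visible lines of this hunk are the same on both sides, so if the change is whitespace-only it is worth saying so in the commit message.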