Jasmine W a9df6ac50b
docs: update structure (#8506)
- moved and renamed files/folders based on new structure
- updated docs navigation based on new structure
- moved CLI to top nav (created commands.jsx and commands-navigation.js)
- updated and added redirects
- updating to be consistent with standalone categories
- changing "overview" link in top nav to lead to where intro was moved (docs/intro)
- adding redirects for intro content
- deleting old intro folders
- format all data/navigation files
- deleting old commands folder
- reverting changes to glossary page
- adjust intro navigation for removal of 'vs' paths
- add helm page redirect
- fix more redirects
- add a missing redirect
- fix broken anchor links and formatting mistakes
- deleted duplicate section, added redirect, changed link
- removed duplicate glossary page
2020-09-01 11:14:13 -04:00

107 lines
4.2 KiB
Plaintext

---
layout: docs
page_title: Connect - Built-in Proxy
sidebar_title: Built-in Proxy
description: Consul Connect comes with a built-in proxy for testing and development.
---
# Built-In Proxy Options
Consul comes with a built-in L4 proxy for testing and development with Consul
Connect.
~> **Note:** [Envoy](/docs/connect/proxies/envoy) should be used for production deployments, or when [layer 7 traffic management](/docs/connect/l7-traffic-management) features are needed.
## Getting Started
To get started with the built-in proxy and see a working example you can follow the [Getting Started](https://learn.hashicorp.com/tutorials/consul/get-started-service-networking) tutorial.
## Proxy Config Key Reference
Below is a complete example of all the configuration options available
for the built-in proxy.
```javascript
{
"service": {
...
"connect": {
"proxy": {
"config": {
"bind_address": "0.0.0.0",
"bind_port": 20000,
"tcp_check_address": "192.168.0.1",
"disable_tcp_check": false,
"local_service_address": "127.0.0.1:1234",
"local_connect_timeout_ms": 1000,
"handshake_timeout_ms": 10000,
"upstreams": [...]
},
"upstreams": [
{
...
"config": {
"connect_timeout_ms": 1000
}
}
]
}
}
}
}
```
All fields are optional with a sane default.
- `bind_address` - The address the proxy will bind it's
_public_ mTLS listener to. It defaults to the same address the agent binds to.
- `bind_port` - The port the proxy will bind it's _public_
mTLS listener to. If not provided, the agent will attempt to assign one from its
[configured proxy port range](/docs/agent/options#sidecar_min_port) if available.
By default the range is [20000, 20255] and the port is selected at random from
that range.
- `tcp_check_address` - The address the agent will
run a [TCP health check](/docs/agent/checks) against. By default this is the same
as the proxy's [bind address](#bind_address) except if the bind address is `0.0.0.0`
or `[::]` in which case this defaults to `127.0.0.1` and assumes the agent can
dial the proxy over loopback. For more complex configurations where agent and proxy
communicate over a bridge for example, this configuration can be used to specify
a different _address_ (but not port) for the agent to use for health checks if
it can't talk to the proxy over localhost or it's publicly advertised port. The
check always uses the same port that the proxy is bound to.
- `disable_tcp_check` - If true, this disables a
TCP check being setup for the proxy. Default is false.
- `local_service_address`- The `[address]:port`
that the proxy should use to connect to the local application instance. By default
it assumes `127.0.0.1` as the address and takes the port from the service definition's
`port` field. Note that allowing the application to listen on any non-loopback
address may expose it externally and bypass Connect's access enforcement. It may
be useful though to allow non-standard loopback addresses or where an alternative
known-private IP is available for example when using internal networking between
containers.
- `local_connect_timeout_ms` - The number
of milliseconds the proxy will wait to establish a connection to the _local application_
before giving up. Defaults to `1000` or 1 second.
- `handshake_timeout_ms` - The number of milliseconds
the proxy will wait for _incoming_ mTLS connections to complete the TLS handshake.
Defaults to `10000` or 10 seconds.
- `upstreams`- **Deprecated** Upstreams are now specified
in the `connect.proxy` definition. Upstreams specified in the opaque config map
here will continue to work for compatibility but it's strongly recommended that
you move to using the higher level [upstream configuration](/docs/connect/registration/service-registration#upstream-configuration-reference).
## Proxy Upstream Config Key Reference
All fields are optional with a sane default.
- `connect_timeout_ms` - The number of milliseconds
the proxy will wait to establish a TLS connection to the discovered upstream instance
before giving up. Defaults to `10000` or 10 seconds.