2022-09-16 10:28:32 -05:00

36 lines
1.7 KiB
Plaintext

---
layout: docs
page_title: Service Mesh Proxy Overview
description: >-
In Consul service mesh, each service has a sidecar proxy that secures connections with other services in the mesh without modifying the underlying application code. You can use the built-in proxy, Envoy, or a custom proxy to handle communication and verify TLS connections.
---
# Service Mesh Proxy Overview
A Connect-aware proxy enables unmodified applications to use Connect. A
per-service proxy sidecar transparently handles inbound and outbound service
connections, automatically wrapping and verifying TLS connections. Consul
includes its own built-in L4 proxy and has first class support for Envoy. You
can choose other proxies to plug in as well. This section describes how to
configure Envoy or the built-in proxy using Connect, and how to integrate the
proxy of your choice.
To ensure that services only allow external connections established via
the Connect protocol, you should configure all services to only accept connections on a loopback address.
~> **Deprecation Note:** Managed Proxies are a deprecated method for deploying
sidecar proxies, and have been removed in Consul 1.6. See [managed proxy
deprecation](/docs/connect/proxies/managed-deprecated) for more
information. If you are using managed proxies we strongly recommend that you
switch service definitions for registering proxies.
## Dynamic Upstreams Require Native Integration
If an application requires dynamic dependencies that are only available
at runtime, it must [natively integrate](/docs/connect/native)
with Connect. After natively integrating, the HTTP API or
[DNS interface](/docs/discovery/dns#connect-capable-service-lookups)
can be used.
!> Connect proxies do not currently support dynamic upstreams.