status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-24 12:40:17 +00:00
Code Issues Projects Releases Wiki Activity
consul/website/content/docs/connect/proxies/built-in.mdx
Jared Kirschner 166d7a39e8
docs: consistently name Consul service mesh (#17222) 
Remove outdated usage of "Consul Connect" instead of Consul service mesh.

The connect subsystem in Consul provides Consul's service mesh capabilities.
However, the term "Consul Connect" should not be used as an alternative to
the name "Consul service mesh".
2023-05-05 13:41:40 -04:00

89 lines
3.4 KiB
Plaintext
Raw Blame History

---
layout: docs
page_title: Built-in Proxy Configuration | Service Mesh
description: >-
Consul includes a built-in L4 proxy with limited capabilities to use for development and testing only. Use the built-in proxy config key reference to learn about the options you can configure.
---
# Built-in Proxy Configuration for Service Mesh
~> **Note:** The built-in proxy is not supported for production deployments. It does not
support many of Consul's service mesh features, and is not under active development.
The [Envoy proxy](/consul/docs/connect/proxies/envoy) should be used for production deployments.
Consul comes with a built-in L4 proxy for testing and development with Consul
service mesh.
## Proxy Config Key Reference
Below is a complete example of all the configuration options available
for the built-in proxy.
```json
{
"service": {
...
"connect": {
"proxy": {
"config": {
"bind_address": "0.0.0.0",
"bind_port": 20000,
"local_service_address": "127.0.0.1:1234",
"local_connect_timeout_ms": 1000,
"handshake_timeout_ms": 10000,
"upstreams": [...]
},
"upstreams": [
{
...
"config": {
"connect_timeout_ms": 1000
}
}
]
}
}
}
}
```
All fields are optional with a reasonable default.
- `bind_address` - The address the proxy will bind its
_public_ mTLS listener to. It defaults to the same address the agent binds to.
- `bind_port` - The port the proxy will bind its _public_
mTLS listener to. If not provided, the agent will assign a random port from its
configured proxy port range specified by [`sidecar_min_port`](/consul/docs/agent/config/config-files#sidecar_min_port)
and [`sidecar_max_port`](/consul/docs/agent/config/config-files#sidecar_max_port).
- `local_service_address`- The `[address]:port`
that the proxy should use to connect to the local application instance. By default
it assumes `127.0.0.1` as the address and takes the port from the service definition's
`port` field. Note that allowing the application to listen on any non-loopback
address may expose it externally and bypass the service mesh's access enforcement. It may
be useful though to allow non-standard loopback addresses or where an alternative
known-private IP is available for example when using internal networking between
containers.
- `local_connect_timeout_ms` - The number
of milliseconds the proxy will wait to establish a connection to the _local application_
before giving up. Defaults to `1000` or 1 second.
- `handshake_timeout_ms` - The number of milliseconds
the proxy will wait for _incoming_ mTLS connections to complete the TLS handshake.
Defaults to `10000` or 10 seconds.
- `upstreams`- **Deprecated** Upstreams are now specified
in the `connect.proxy` definition. Upstreams specified in the opaque config map
here will continue to work for compatibility but it's strongly recommended that
you move to using the higher level [upstream configuration](/consul/docs/connect/registration/service-registration#upstream-configuration-reference).
## Proxy Upstream Config Key Reference
All fields are optional with a reasonable default.
- `connect_timeout_ms` - The number of milliseconds
the proxy will wait to establish a TLS connection to the discovered upstream instance
before giving up. Defaults to `10000` or 10 seconds.
Reference in New Issue View Git Blame Copy Permalink