Enterprise Documentation
HTTP Per-backend Client settings
Document updated on May 12, 2023
The HTTP client options allow you to set the client TLS settings for each backend, configure the no-redirect behavior, or connect through an external proxy.
You can set the client TLS settings for all backends as a global setting. Nevertheless, you can decide to individually change the client TLS settings for a specific backend.
HTTP client settings
To do so, include the backend/http/client namespace in the backend’s extra configuration. It accepts the following settings:
Fields of HTTP Client options
| Allows to set specific transport settings when using TLS in your upstream services. See the global Client TLS options for the list of all supported options. |
| Set no_redirect to true if you don’t want KrakenD to follow redirects and let the consuming user to receive the 30x status code.Defaults to false |
| The proxy address used to forward the traffic. The address must contain the protocol and the port. Example: "http://proxy.corp:9099" |
Example of Client TLS
The following configuration defines a custom certificate for any backend in the system through the ca_certs, but the /foo endpoint uses a different certificate instead.
It also prevents the gateway from following the redirections and returns the 302 codes as they are to the client, and finally, it connects using an overridden certificate and through a proxy.
{
"version": 3,
"$schema": "https://www.krakend.io/schema/v2.6/krakend.json",
"client_tls": {
"ca_certs": [
"custom.pem"
]
},
"endpoints": [
{
"endpoint": "/foo",
"output_encoding": "no-op",
"backend": [
{
"host": ["https://api"],
"url_pattern": "/foo",
"encoding": "no-op",
"extra_config": {
"backend/http/client": {
"no_redirect": true,
"client_tls": {
"allow_insecure_connections": true,
"ca_certs": [
"other_cert.pem"
]
},
"proxy_address": "http://proxy.corporation.com:9099"
}
}
}
]
}
]
}
