Document updated on May 12, 2023
The HTTP client options allow you to set the client TLS settings for each backend, configure the no-redirect behavior, or connect through an external proxy.
You can set the client TLS settings for all backends as a global setting. Nevertheless, you can decide to individually change the client TLS settings for a specific backend.
To do so, include the backend/http/client
namespace in the backend
’s extra configuration. It accepts the following settings:
| Allows to set specific transport settings when using TLS in your upstream services. See the global Client TLS options for the list of all supported options. |
| Set no_redirect to true if you don’t want KrakenD to follow redirects and let the consuming user to receive the 30x status code.Defaults to false |
| The proxy address used to forward the traffic. The address must contain the protocol and the port. Example: "http://proxy.corp:9099" |
The following configuration defines a custom certificate for any backend in the system through the ca_certs
, but the /foo
endpoint uses a different certificate instead.
It also prevents the gateway from following the redirections and returns the 302
codes as they are to the client, and finally, it connects using an overridden certificate and through a proxy.
{
"version": 3,
"$schema": "https://www.krakend.io/schema/v2.3/krakend.json",
"client_tls": {
"ca_certs": [
"custom.pem"
]
},
"endpoints": [
{
"endpoint": "/foo",
"output_encoding": "no-op",
"backend": [
{
"host": ["https://api"],
"url_pattern": "/foo",
"encoding": "no-op",
"extra_config": {
"backend/http/client": {
"no_redirect": true,
"client_tls": {
"allow_insecure_connections": true,
"ca_certs": [
"other_cert.pem"
]
},
"proxy_address": "http://proxy.corporation.com:9099"
}
}
}
]
}
]
}
The documentation is only a piece of the help you can get! Whether you are looking for Open Source or Enterprise support, see more support channels that can help you.