Document updated on May 12, 2023
HTTP Per-backend Client settings
The HTTP client options allow you to set the client TLS settings for each backend, configure the no-redirect behavior, or connect through an external proxy.
You can set the client TLS settings for all backends as a global setting. Nevertheless, you can decide to individually change the client TLS settings for a specific backend.
HTTP client settings
To do so, include the backend/http/client
namespace in the backend
’s extra configuration. It accepts the following settings:
Fields of HTTP Client options
client_tls
- Allows to set specific transport settings when using TLS in your upstream services. See the global Client TLS options for the list of all supported options.
no_redirect
boolean- Set
no_redirect
to true if you don’t want KrakenD to follow redirects and let the consuming user to receive the30x
status code.Defaults tofalse
proxy_address
- The proxy address used to forward the traffic. The address must contain the protocol and the port.Example:
"http://proxy.corp:9099"
Example of Client TLS
The following configuration defines a custom certificate for any backend in the system through the ca_certs
, but the /foo
endpoint uses a different certificate instead.
It also prevents the gateway from following the redirections and returns the 302
codes as they are to the client, and finally, it connects using an overridden certificate and through a proxy.
{
"version": 3,
"$schema": "https://www.krakend.io/schema/v2.5/krakend.json",
"client_tls": {
"ca_certs": [
"custom.pem"
]
},
"endpoints": [
{
"endpoint": "/foo",
"output_encoding": "no-op",
"backend": [
{
"host": ["https://api"],
"url_pattern": "/foo",
"encoding": "no-op",
"extra_config": {
"backend/http/client": {
"no_redirect": true,
"client_tls": {
"allow_insecure_connections": true,
"ca_certs": [
"other_cert.pem"
]
},
"proxy_address": "http://proxy.corporation.com:9099"
}
}
}
]
}
]
}