Configure Forward Proxying from Edge to a Backend Server

Edge for Private Cloud v. 4.17.01

If you want to use an HTTP forward proxy between Edge and the backend target servers, then you have to configure the outbound proxy settings properties on the Edge Message Processor nodes. These properties configure the Message Processors to route target requests from Edge to the HTTP forward proxy.

To configure the Message Processor, edit the /opt/apigee/customer/application/message-processor.properties, and then restart the Message Processor. If the message-processor.properties file does not exist, create it.

Set the following properties to configure the Message Processor:

Property

Description

conf_http_HTTPClient.use.proxy

Specifies that all API proxies use the forward proxy be default, true, or do not use it by default, false.

conf_http_HTTPClient.use.tunneling

By default Edge uses tunneling for all traffic. To disable tunneling by default, set this property to false.

conf/http.properties+HTTPClient.proxy.type

Specifies the type of the HTTP proxy as HTTP or HTTPS. By default, it uses HTTP.

conf/http.properties+HTTPClient.proxy.host

Specifies the host name or IP address where HTTP proxy is running.

conf/http.properties+HTTPClient.proxy.port

Specifies the port on which HTTP proxy is running. if this property is omitted, by default it uses port 80 for HTTP and port 443 for HTTPS.

conf/http.properties+HTTPClient.proxy.user
conf/http.properties+HTTPClient.proxy.password

If the HTTP proxy requires basic-authentication, then use these properties to provide authorization details.

For example:

conf_http_HTTPClient.use.proxy=true
conf_http_HTTPClient.use.tunneling=false
conf/http.properties+HTTPClient.proxy.type=HTTP
conf/http.properties+HTTPClient.proxy.host=my.host.com
conf/http.properties+HTTPClient.proxy.port=3128
conf/http.properties+HTTPClient.proxy.user=uName
conf/http.properties+HTTPClient.proxy.password=pWord

Remember to restart the Message Processor after setting these properties:

/opt/apigee/apigee-service/bin/apigee-service edge-message-processor restart

If forward proxying is configured for the Message Processor, then all traffic going from API proxies to backend targets goes through the specified HTTP forward proxy. If the traffic for a specific target of an API proxy should go directly to the backend target, bypassing the forward proxy, then set the following property in the Target Endpoint to override the HTTP forward proxy:

<Property name="use.proxy">false</Property> 

See Endpoint properties reference for more information on setting properties on the Target Endpoint.

If you don't want any targets to use the HTTP forward proxy by default, you can specify it http.properties as below:

conf_http_HTTPClient.use.proxy=false

Then set use.proxy to true for any Target Endpoint that you want to go through an HTTP forward proxy:

<Property name="use.proxy">true</Property>

By default Edge uses tunneling for the traffic to the proxy. To disable tunneling by default, set the following property in the message-processor.properties file:

conf_http_HTTPClient.use.tunneling=false 

If for a specific target, if you want to disable tunneling, then set the use.proxy.tunneling property in the Target Endpoint. If the target uses TLS/SSL, then this property is ignored, and the message is always sent via a tunnel:

<Property name="use.proxy.tunneling">false</Property>

For Edge itself to act as the forward proxy - receiving request from the backend services and routing them to the internet outside of the enterprise - first set up an API proxy on Edge . The backend service can then make a request to the API proxy, which can then connect to external services.