Edge for Private Cloud v. 4.17.09
If you want to use an HTTP forward proxy between Edge and the backend target servers, then you have to configure the outbound proxy settings properties on the Edge Message Processor nodes. These properties configure the Message Processors to route target requests from Edge to the HTTP forward proxy.
To configure the Message Processor, edit the /opt/apigee/customer/application/message-processor.properties, and then restart the Message Processor. If the message-processor.properties file does not exist, create it.
Set the following properties to configure the Message Processor:
|
Property |
Description |
|---|---|
|
conf_http_HTTPClient.use.proxy |
Specifies that all API proxies use the forward proxy be default, true, or do not use it by default, false. |
|
conf_http_HTTPClient.use.tunneling |
By default Edge uses tunneling for all traffic. To disable tunneling by default, set this property to false. |
|
conf/http.properties+HTTPClient.proxy.type |
Specifies the type of the HTTP proxy as HTTP or HTTPS. By default, it uses HTTP. |
|
conf/http.properties+HTTPClient.proxy.host |
Specifies the host name or IP address where HTTP proxy is running. |
|
conf/http.properties+HTTPClient.proxy.port |
Specifies the port on which HTTP proxy is running. if this property is omitted, by default it uses port 80 for HTTP and port 443 for HTTPS. |
|
conf/http.properties+HTTPClient.proxy.user |
If the HTTP proxy requires basic-authentication, then use these properties to provide authorization details. |
For example:
conf_http_HTTPClient.use.proxy=true conf_http_HTTPClient.use.tunneling=false conf/http.properties+HTTPClient.proxy.type=HTTP conf/http.properties+HTTPClient.proxy.host=my.host.com conf/http.properties+HTTPClient.proxy.port=3128 conf/http.properties+HTTPClient.proxy.user=uName conf/http.properties+HTTPClient.proxy.password=pWord
Remember to restart the Message Processor after setting these properties:
/opt/apigee/apigee-service/bin/apigee-service edge-message-processor restart
If forward proxying is configured for the Message Processor, then all traffic going from API proxies to backend targets goes through the specified HTTP forward proxy. If the traffic for a specific target of an API proxy should go directly to the backend target, bypassing the forward proxy, then set the following property in the Target Endpoint to override the HTTP forward proxy:
<Property name="use.proxy">false</Property>
See Endpoint properties reference for more information on setting properties on the Target Endpoint.
If you don't want any targets to use the HTTP forward proxy by default, you can specify it http.properties as below:
conf_http_HTTPClient.use.proxy=false
Then set use.proxy to true for any Target Endpoint that you want to go through an HTTP forward proxy:
<Property name="use.proxy">true</Property>
By default Edge uses tunneling for the traffic to the proxy. To disable tunneling by default, set the following property in the message-processor.properties file:
conf_http_HTTPClient.use.tunneling=false
If for a specific target, if you want to disable tunneling, then set the use.proxy.tunneling property in the Target Endpoint. If the target uses TLS/SSL, then this property is ignored, and the message is always sent via a tunnel:
<Property name="use.proxy.tunneling">false</Property>
For Edge itself to act as the forward proxy - receiving request from the backend services and routing them to the internet outside of the enterprise - first set up an API proxy on Edge . The backend service can then make a request to the API proxy, which can then connect to external services.