When you use an HTTP forward proxy between Edge and the backend target servers, then you have to configure the Outbound Proxy Settings properties on Edge. These properties configure the Message Processors to route target requests from Edge to the HTTP forward proxy. To configure the Message Processor, edit the http.properties of the Message Processor in the file:
/instal-dir/apigee4/conf/apigee/message-processor/http.properties
Outbound Proxy Settings
- HTTPClient.proxy.type=HTTP
- Specifies the type of the HTTP proxy. It can be HTTP or HTTPS. If this property is commented out, it is treated as HTTP.
- HTTPClient.proxy.host=skyl
- Specifies the host name or IP address on which HTTP proxy is running.
- HTTPClient.proxy.port=4321
- Specifies the port on which HTTP proxy is running. if this property is commented out, it is treated as 80 for HTTP and 443 for HTTPS.
- HTTPClient.proxy.user=scot and HTTPClient.proxy.password=tiger
- If the HTTP proxy requires basic-authentication, then use these properties to provide authorization details.
If the HTTP forward proxy is configured, then all traffic going from API proxies to backend targets goes through the specified HTTP forward proxy. If the traffic for a specific target should go directly to the target, bypassing the forward proxy, then set the following target transport property in the Target Endpoint to override the HTTP forward proxy:
<Property name="use.proxy">false</Property>
If you don’t want any targets to use the HTTP forward proxy by default, you can specify it http.properties as below:
HTTPClient.use.proxy=false
Then set use.proxy to true for any Target Endpoint that you want to go through an HTTP forward proxy:
<Property name="use.proxy">true</Property>
By default Edge uses tunneling for the traffic to HTTPProxy. To disable tunneling, specify following in http.properties:
HTTPClient.use.tunneling=false
If for a specific target, you want to disable tunneling, then use the following target transport property (If the target uses SSL, then this property is ignored, and the message is always sent via a tunnel.):
<Property name="use.proxy.tunneling">false</Property>
For Edge itself to act as the forward proxy - receiving request from the backend services and routing them to the internet outside of the enterprise - first set up an API proxy on Edge . The backend service can then make a request to the API proxy, which can then connect to external services.
2 Likes
hi if I want to do the same in the 16.01, do I just add these to the /opt/apigee/customer/application/message-processor.properties ?
- HTTPClient.proxy.type=HTTP
- Specifies the type of the HTTP proxy. It can be HTTP or HTTPS. If this property is commented out, it is treated as HTTP.
- HTTPClient.proxy.host=skyl
- Specifies the host name or IP address on which HTTP proxy is running.
- HTTPClient.proxy.port=4321
- Specifies the port on which HTTP proxy is running. if this property is commented out, it is treated as 80 for HTTP and 443 for HTTPS.
- HTTPClient.proxy.user=scot and HTTPClient.proxy.password=tiger
Here are the properties which you need to set in /opt/apigee/customer/application/message-processor.properties to enable the forward proxy:
conf/http.properties+HTTPClient.proxy.type=HTTP
conf/http.properties+HTTPClient.proxy.host=xxxxx
conf/http.properties+HTTPClient.proxy.port=3128
conf/http.properties+HTTPClient.proxy.user=xxxxx
conf/http.properties+HTTPClient.proxy.password=xxxxx
conf_http_HTTPClient.use.proxy=true
conf_http_HTTPClient.use.tunneling=false
Hope this helps.
Can you please confirm/verify the syntax. The first convention described in your response uses ‘conf/http.properties+’ as the property name prefix and the second one uses ‘conf_http_’ as the property name prefix. Are there really two different conventions?
If you run this:
grep -ir "proxy" /opt/apigee/edge-message-processor/source/conf/http.properties
you will see the convention used. Take the value between the {T}'s and that is the name you use. for example:
#HTTPClient.proxy.type={T}conf_http_HTTPClient.proxy.type{/T}
In your /opt/apigee/customer/application/message-processor.properties you would set:
conf_http_HTTPClient.proxy.type=HTTP
yes, both of them are different convention as ‘+’ is used to add the new properties in a file which are commented out by default (#HTTPClient.proxy.type=HTTP) and ‘_’ is used to override the existing value of a property which is not commented out by default (HTTPClient.use.proxy=false)
Hope this clarifies the confusion about the syntax used in earlier answer.
Thanks,
Archendra
@archendra - The " ‘+’ is used to add the new properties in a file which are commented out by default" is a surprise and not documented which explains why my configuration wasn’t taking when setting the host, type and port. This should be documented. Maybe in the /opt/apigee/customer/README.md?
cc: @sgilson
i am now quite confused… the guide says nothing about the + syntax…
@Benjamin Goldman - Can you clarify something for us?
If your setting the property in the api proxy code is it the former as you stated above
<Property name="use.proxy.tunneling">false</Property>
or
<Property name="use.tunneling">false</Property>