-
Notifications
You must be signed in to change notification settings - Fork 8
Configure Carapace Proxy
Carapace configuration consists of standard java .properties files, containing a set of key-value pairs following the syntax entityname.index.propertyname=value
. For each property, the index
defines, for same entity
, the application priority during configuration loading.
The Carapace Proxy configuration can be performed in actually two ways:
- Before starting the service, by a static configuration file that Carapace automatically loads.
- With server up, applying a new configuration (named dynamic) with the REST API exposed or by editing the current one in the Admin UI > Configuration.
The static configuration is applied only once, when the server starts. The configuration file has to be located in the configuration folder of the server (carapace-server/conf) named server.properties. For an example of static-configuration file see server.properties.
The configuration is named dynamic whenever the server is running and you submit a new configuration (by the REST API exposed, performing a POST request to api/config/apply with the configuration you want to apply) or edit the current one by the Admin UI > Configuration. For an example of dynamic-configuration file see server.dynamic.properties.
Follow all things you can customize at runtime in the dynamic configuration.
listener.1.host=0.0.0.0
listener.1.port=8089
listener.1.enabled=true|false
listener.1.ocps=true|false
listener.1.ssl=true|false
`listener.1.defaultcertificate=*
backend.1.id=backend-1
unique id for the backend
backend.1.enabled=true|false
backend.1.host=hostname
backend.1.port=port
backend.1.probePath=/tomcatstatus/up
path where the proxy looks up to check the backend reachability
director.1.id=director-1
unique id for the director
director.1.enabled=true|false
director.1.backends=backend-1,backend-2,...,backend-n
set of comma separated backends id
action.1.id=action-1
unique id for the action
action.1.enabled=true|false
action.1.type=cache
type of the action (for all the available action types see here)
In addition to this basic properties, depending on the type there are other properties to setup.
action.1.director=director-1
id of the director to use (only for actions of type cache or proxy)
route.1.id=route-1
unique id for the route
route.1.enabled=true|false
route.1.action=action-1
id of the Action to perform
route.1.match= ~ ".*test.*"
RegEx used for the request mapping (whether not specified the route will be match to every request. For a deeply understending of matchers see Matching Expression Language section)
certificate.1.hostname=* certificate.1.sslcertfile=conf/localhost.p12 certificate.1.sslcertfilepassword=testproxy
Carapace Proxy features an ACME client that allows you to automatically manage dynamic certificates for configured backends, by a manager that takes care of performing all necessary steps needed to issue and renew all certificates from the Let's Encrypt CA.
Important: before go ahead and configure Carapace to manage dynamic certificates, we suggest you to read Let's Encrypt Rate Limits Policy.
By default dynamic certificates management is disabled. To enable it, you need to set an execution period > 0 for the Dynamic Certificates Manager as follow:
dynamiccertificatesmanager.period=30
in seconds
Once enabled, you can specify the size (bytes) of the Key Pairs (Public + Private keys) generated to perform certificate signing for a specific domain (default value is 2048):
dynamiccertificatesmanager.keypairssize=1024
size in bytes
Finally, all you need to do is setup the hostnames for those you want manage a dynamic certificate:
certificate.i.hostname=backend_domain
certificate.i.dynamic=true
default false
One of the most important properties you may need to set up whether you want to drive a great amount of connections to the backends is maxconnectionsperendpoint. By default the value is 10 and whether you want to change it you need to define it as follow:
connectionsmanager.maxconnectionsperendpoint=100