-
Notifications
You must be signed in to change notification settings - Fork 8
Configure Carapace Proxy
Carapace configuration consists of standard java .properties files, containing a set of key-value pairs following the syntax entityname.index.propertyname=value. For each property, the indexdefines, for same entity, the application priority during configuration loading.
The Carapace Proxy configuration can be performed in actually two ways:
- Before starting the service, by a static configuration file that Carapace automatically loads.
- With server up, applying a new configuration (named dynamic) with the REST API exposed or by editing the current one in the Admin UI > Configuration.
The static configuration is applied only once, when the server starts. The configuration file has to be located in the configuration folder of the server (carapace-server/conf) named server.properties. For an example of static-configuration file see server.properties.
The configuration is named dynamic whenever the server is running and you submit a new configuration (by the REST API exposed, performing a POST request to api/config/apply with the configuration you want to apply) or edit the current one by the Admin UI > Configuration. For an example of dynamic-configuration file see server.dynamic.properties.
Follow all things you can customize at runtime in the dynamic configuration.
backend.1.id=unique_id_for_the_backend
backend.1.enabled=true|false
backend.1.host=hostname
backend.1.port=port
backend.1.probePath=/tomcatstatus/up path where the proxy looks up to check the backend reachability
Carapace Proxy features an ACME client that allows you to automatically manage dynamic certificates for configured backends, by a manager that takes care of performing all necessary steps needed to issue and renew all certificates from the Let's Encrypt CA.
Important: before go ahead and configure Carapace to manage dynamic certificates, we suggest you to read Let's Encrypt Rate Limits Policy.
By default dynamic certificates management is disabled. To enable it, you need to set an execution period > 0 for the Dynamic Certificates Manager as follow:
dynamiccertificatesmanager.period=30 in seconds
Once enabled, you can specify the size (bytes) of the Key Pairs (Public + Private keys) generated to perform certificate signing for a specific domain (default value is 2048):
dynamiccertificatesmanager.keypairssize=1024 size in bytes
Finally, all you need to do is setup the hostnames for those you want manage a dynamic certificate:
certificate.i.hostname=backend_domain
certificate.i.dynamic=true default false
One of the most important properties you may need to set up whether you want to drive a great amount of connections to the backends is maxconnectionsperendpoint. By default the value is 10 and whether you want to change it you need to define it as follow:
connectionsmanager.maxconnectionsperendpoint=100