Skip to content

Configure Carapace Proxy

Paolo Venturi edited this page Jun 18, 2019 · 61 revisions

Carapace Configurations

Carapace configuration consists of standard java .properties files, containing a set of key-value pairs following the syntax entityname.index.propertyname=value.
For each property, the indexdefines, for same entity, the application priority during configuration loading.

The Carapace Proxy configuration can be performed in actually two ways:

  • Before starting the service, by a static configuration file that Carapace automatically loads.
  • With server up, applying a new configuration (named dynamic) with the REST API exposed or by editing the current one in the Admin UI > Configuration.

Static configuration

The static configuration is applied only once, when the server starts. The configuration file has to be located in the configuration folder of the server (carapace-server/conf) named server.properties. For an example of static-configuration file see server.properties.

Dynamic configuration

The configuration is named dynamic whenever the server is running and you submit a new configuration (by the REST API exposed, performing a POST request to api/config/apply with the configuration you want to apply) or edit the current one by the Admin UI > Configuration. For an example of dynamic-configuration file see server.dynamic.properties.

Dynamic Configuration in Depth

Follow all things you can customize at runtime in the dynamic configuration.

Listeners

listener.1.host=0.0.0.0address where to listen at
listener.1.port=8080
listener.1.enabled=true|false
listener.1.ocps=true|false
listener.1.ssl=true|false
listener.1.defaultcertificate=certificate-1 id of the certificate to use for incoming requests to this listener

Backends

backend.1.id=backend-1 unique id for the backend
backend.1.enabled=true|false
backend.1.host=hostname
backend.1.port=port
backend.1.probePath=/tomcatstatus/up path where the proxy looks up to check the backend reachability

Directors

director.1.id=director-1 unique id for the director
director.1.enabled=true|false
director.1.backends=backend-1,backend-2,...,backend-n set of comma separated backends id

Actions

action.1.id=action-1 unique id for the action
action.1.enabled=true|false
action.1.type=cache type of the action (for all the available action types see here)
action.1.headers=header-1,header-2,...header-n set of comma separated headers id (for more details see HTTP Headers Management)

In addition to this basic properties, depending on the type of the action there are other properties to setup.

Action Static

action.1.file=file path-to-file path to the file to serve as static resource

Action Proxy and Cache

action.1.director=director-1 id of the director to use

Action Redirect

action.1.code=307 HTTPS code to use in the redirect response

To perform absolute redirects:
action.1.redirect.location=http://localhost:8080/index0.html

To perform relative redirects:
action.1.redirect.proto=http|https
action.1.redirect.host=192.0.0.1
action.4.redirect.port=1234
action.1.redirect.path=/index.html

Routes

route.1.id=route-1 unique id for the route
route.1.enabled=true|false
route.1.action=action-1 id of the Action to perform
route.1.match= ~ ".*test.*" RegEx used for the request mapping (whether not specified the route will be match to every request. For a deeply understending of matchers see Matching Expression Language section)

Static Certificates

certificate.1.hostname=* certificate.1.sslcertfile=conf/localhost.p12 certificate.1.sslcertfilepassword=testproxy

Dynamic Certificates

Carapace Proxy features an ACME client that allows you to automatically manage dynamic certificates for configured backends, by a manager that takes care of performing all necessary steps needed to issue and renew all certificates from the Let's Encrypt CA.

Important: before go ahead and configure Carapace to manage dynamic certificates, we suggest you to read Let's Encrypt Rate Limits Policy.

Enabling Carapace to manage Dynamic Certificates

By default dynamic certificates management is disabled. To enable it, you need to set an execution period > 0 for the Dynamic Certificates Manager as follow:
dynamiccertificatesmanager.period=30 in seconds

Once enabled, you can specify the size (bytes) of the Key Pairs (Public + Private keys) generated to perform certificate signing for a specific domain (default value is 2048):
dynamiccertificatesmanager.keypairssize=1024 size in bytes

Finally, all you need to do is setup the hostnames for those you want manage a dynamic certificate:
certificate.i.hostname=backend_domain
certificate.i.dynamic=true default false

Connections management

One of the most important properties you may need to set up whether you want to drive a great amount of connections to the backends is maxconnectionsperendpoint. By default the value is 10 and whether you want to change it you need to define it as follow: connectionsmanager.maxconnectionsperendpoint=100

Clone this wiki locally