Overview
The Gateway Proxy is a standalone application to be deployed separately. The proxy enables communication to an outbound server through it's REST API. If a request is send to it’s endpoint it will forward the request to upstream servers.
The proxy is build on top of Spring Boot. It's connection routing aware and offers authentication via OAuth20, Oauth10A, a Bearer Token forward mechanism and fixed headers.
Configuration
The proxy can be configured using environment variables and a configuration files. The configuration file for setting connection routing properties is called connection-routing.yml and has to be in the same directory as the gateway proxy jar package.
Allowing requests to all target servers
By default the proxy only works for outbound connections to URLs configured in the connection-routing-yml file. All other requests are blocked. Setting the environment variable PROXY_ALLOW_UNKNOWN_TARGETs to true allows requests to be proxied to all target URLs.
Logging verbosity
Logging verbosity can be controlled by an environment variable called PROXY_GATEWAY_LOG_LEVEL. Set this to DEBUG for full verbosity and to INFO for more concise logging output.
Running the Application
The application is provided as a docker container at registry.mid.de/smartfacts/smartfacts-gateway-proxy:latest. A docker-compose.yml file can be used to run the gateway proxy in a Docker environment and provide volumes to inject SSL certificates and a connection-routing.yml file. The following example docker-compose.yml file exposes the proxy on port 8418 of the docker host. It uses the certificates stored in /tmp/certificates. It uses the connection-routing.yml file at /tmp/connection-routing.yml
Docker Compose configuration file
services:
gateway-proxy:
image: registry.mid.de/smartfacts/smartfacts-gateway-proxy:<VERSION>
ports:
- 8418:8080
environment:
- USE_SYSTEM_CA_CERTS=1
volumes:
- /tmp/cacerts:/certificates
- /tmp/connection-routing.yml:/opt/smartfacts-gateway-proxy/connection-routing.yml
Starting the docker container
Change to the directory containing the docker-compose.yml configuration file. In order to access the MID Docker registry you need an access token from MID.
#> docker login registry.mid.de #> docker compose up gateway-proxy
Proxy HTTP endpoint
The proxy application exposes the endpoint /proxy/stream to relay HTTP GET, POST, PUT, DELETE, PATCH and HEAD requests. Only requests to outbound servers that are configured in the connection-routing.yml configuration file are allowed by default. This behavior can be controlled by the environment variable PROXY_ALLOW_UNKNOWN_TARGETS.
Usage
Request sent to the endpoint /proxy/stream with a Request Parameter named target are proxied. The target request parameter has to be set to an outbound
server URL. The outbound server URL has to be url encoded. Responses from the outbound server are streamed through the proxy back to the user-agent.
Examples
Proxy a GET request to
http://example.com/foo:#> curl -X GET http://proxy.host/proxy/stream?target=http%3a%2f%2fexample.com/foo
Proxy a Post request with a JSON body to
http://example.com/bar:#> curl -X POST -H "Content-Type: appliction/json" -d '{"my-data": "baz"}' http://proxy.host/proxy/stream?target=http%3a%2f%2fexample.com/bar
Reference
Environment variables
Name | Value |
|---|---|
| Control if the proxy allows requests to URLs not configured in the Possible values: |
| Control the log verbosity. The default logging level is Possible values: |
Connection Routing
Please refer to the connection routing documentation.
0 Comments