# Full mTLS (Both Directions)
#
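# Client mTLS to the proxy (client cert required), and
# proxy mTLS to the upstream backend (proxy presents its
# own client certificate).
#
# Caveat: the upstream cluster below sets `verify: false`, so as written
# the proxy does not validate the backend's certificate and the upstream
# hop is authenticated in one direction only. Enable verification before
# using this configuration outside local development.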
#
# Client -> mTLS -> Praxis :8443 -> mTLS -> Backend :9443
#
# Usage:
# cargo run -p praxis -- -c examples/configs/protocols/tls-mtls-both.yaml
# curl --cert client.pem --key client-key.pem --cacert ca.pem https://localhost:8443/
# NOTE(review): this listing arrived with its indentation flattened; the
# nesting below is reconstructed from the key names. Confirm it against the
# project's configuration schema before relying on it.
listeners:
  # Downstream side: the TLS listener that clients connect to.
  - name: secure
    # Bound to loopback, so only processes on the same host can reach it.
    address: "127.0.0.1:8443"
    # Refers by name to the `main` chain defined under the top-level
    # `filter_chains` key.
    filter_chains:
      - main
    tls:
      # Server certificate and private key presented to clients.
      # NOTE(review): the key file should be readable only by the account
      # the proxy runs as.
      certificates:
        - cert_path: /etc/ssl/certs/server.pem
          key_path: /etc/ssl/private/server-key.pem
      # Presumably the CA bundle that client certificates must chain to.
      # Any certificate issued by this CA would then be accepted, so a CA
      # dedicated to client identities is preferable to a general-purpose one.
      client_ca:
        ca_path: /etc/ssl/certs/client-ca.pem
      # Client certificate is mandatory (the file header says "client cert
      # required"). This file configures no per-identity authorization: the
      # only filters are `router` and `load_balancer`.
      client_cert_mode: require
filter_chains:
  - name: main
    filters:
      # Routes every path (prefix "/") to the cluster named `backend`.
      - filter: router
        routes:
          - path_prefix: "/"
            cluster: backend
      # Defines the `backend` cluster that the route above points to.
      - filter: load_balancer
        clusters:
          - name: backend
            tls:
              # SECURITY: upstream certificate verification is switched off.
              # Presumably the proxy then accepts whatever certificate the
              # endpoint presents, so it cannot tell the real backend from
              # an impostor on that address and still offers its client
              # certificate to it. Acceptable only for a local test with
              # throwaway certificates; turn verification on and configure
              # the backend's trust anchor (see the project's TLS docs for
              # the key name) before any other use.
              verify: false  # dev only
              # Client certificate and key the proxy presents to the backend
              # (the "proxy mTLS to the upstream" leg from the file header).
              # NOTE(review): keep this key file restricted to the proxy's
              # account as well.
              client_cert:
                cert_path: /etc/ssl/certs/proxy-client.pem
                key_path: /etc/ssl/private/proxy-client-key.pem
            # Single upstream endpoint, also on loopback.
            endpoints:
              - "127.0.0.1:9443"