Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.3.x (latest)
  • 3.2.x
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (2.1-2.5)
  • Older OSS versions (2.1-2.5)
  • Archive (pre-2.1)

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this pageOn this page
  • Set up forward proxy connection
Kong Gateway
3.1.x
  • Home
  • Kong Gateway
  • Production Deployment
  • Networking
  • Control Plane and Data Plane Communication through a Forward Proxy
You are browsing documentation for an outdated version. See the latest documentation here.

Control Plane and Data Plane Communication through a Forward Proxy

If your control plane and data planes run on different sides of a firewall that runs external communications through a proxy, you can configure Kong Gateway to authenticate with the proxy server and allow traffic through.

Kong Gateway only supports HTTP CONNECT proxies.

This feature does not support mTLS termination.

Set up forward proxy connection

In kong.conf, configure the following parameters:

proxy_server = http(s)://<username>:<password>@<proxy-host>:<proxy-port>
proxy_server_tls_verify = on/off
cluster_use_proxy = on
lua_ssl_trusted_certificate = system | <certificate> | <path-to-cert>
  • proxy_server: Proxy server defined as a URL. Kong Gateway will only use this option if any component is explicitly configured to use the proxy.

  • proxy_server_tls_verify: Toggles server certificate verification if proxy_server is in HTTPS. Set to on if using HTTPS (default), or off if using HTTP.

  • cluster_use_proxy: Tells the cluster to use HTTP CONNECT proxy support for hybrid mode connections. If turned on, Kong Gateway will use the URL defined in proxy_server to connect.

  • lua_ssl_trusted_certificate (Optional): If using HTTPS, you can also specify a custom certificate authority with lua_ssl_trusted_certificate. If using the system default CA, you don’t need to change this value.

Reload Kong Gateway for the connection to take effect:

kong reload
Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023