Control Plane and Data Plane Communication through a Forward Proxy
If your control plane and data planes run on different sides of a firewall that runs external communications through a proxy, you can configure Kong Gateway to authenticate with the proxy server and allow traffic through.
Kong Gateway only supports HTTP CONNECT proxies.
This feature does not support mTLS termination.
Set up forward proxy connection
Configure the following parameters:
proxy_server = http(s)://<username>:<password>@<proxy-host>:<proxy-port>
proxy_server_tls_verify = on/off
cluster_use_proxy = on
lua_ssl_trusted_certificate = system | <certificate> | <path-to-cert>
proxy_server: Proxy server defined as a URL. Kong Gateway will only use this option if any component is explicitly configured to use the proxy.
proxy_server_tls_verify: Toggles server certificate verification if proxy_server is in HTTPS. Set to on if using HTTPS (default), or off if using HTTP.
cluster_use_proxy: Tells the cluster to use HTTP CONNECT proxy support for hybrid mode connections. If turned on, Kong Gateway will use the URL defined in
lua_ssl_trusted_certificate (Optional): If using HTTPS, you can also specify a custom certificate authority with lua_ssl_trusted_certificate. If using the system default CA, you don’t need to change this value.
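A pre-deployment check of these settings, added here as an example and not part of Kong Gateway or its documentation: it parses key = value configuration text and flags a proxy that is required but not defined, an HTTPS proxy whose certificate is not verified, and a password sent to a plain HTTP proxy. The function names, severity labels, and the sample host and credentials are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample input: host, port and credentials are placeholders.
SAMPLE_CONF = """\
proxy_server = https://kong-dp:s3cret@proxy.example.internal:3128
proxy_server_tls_verify = off
cluster_use_proxy = on
lua_ssl_trusted_certificate = system
"""

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comment lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_forward_proxy(conf):
    """Return (severity, message) findings; never echoes the credentials."""
    if conf.get("cluster_use_proxy") != "on":
        return [("info", "cluster_use_proxy is not on: hybrid mode "
                 "connections do not use proxy_server")]
    url = conf.get("proxy_server", "")
    if not url:
        return [("error", "cluster_use_proxy is on but proxy_server is not set")]
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return [("error", "proxy_server must be an http(s) URL with a host")]
    # The page gives 'on' as the default for proxy_server_tls_verify.
    verify = conf.get("proxy_server_tls_verify", "on")
    findings = []
    if parts.scheme == "https" and verify == "off":
        findings.append(("warn", "https proxy with proxy_server_tls_verify = off: "
                         "the proxy's certificate is not verified"))
    if parts.scheme == "http" and parts.password:
        findings.append(("warn", "http proxy URL carries a password: the connection "
                         "to the proxy is unencrypted"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_forward_proxy(parse_conf(SAMPLE_CONF)):
        print(f"{severity}: {message}")
```
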
Reload Kong Gateway for the connection to take effect: