You are browsing documentation for an outdated version.
See the latest documentation here.
Control Plane and Data Plane Communication through a Forward Proxy
If your control plane and data planes run on different sides of a firewall
that runs external communications through a proxy, you can configure
Kong Gateway to authenticate with the proxy server and allow
Kong Gateway only supports HTTP CONNECT proxies.
This feature does not support mTLS termination.
Set up forward proxy connection
configure the following parameters:
proxy_server = http(s)://<username>:<password>@<proxy-host>:<proxy-port>
proxy_server_tls_verify = on/off
cluster_use_proxy = on
lua_ssl_trusted_certificate = system | <certificate> | <path-to-cert>
proxy_server: Proxy server defined as a URL. Kong Gateway will
only use this option if any component is explicitly configured to use the proxy.
proxy_server_tls_verify: Toggles server certificate verification if
proxy_server is in HTTPS. Set to
on if using HTTPS (default), or
cluster_use_proxy: Tells the cluster to use HTTP CONNECT proxy support for
hybrid mode connections. If turned on, Kong Gateway will use the
URL defined in
proxy_server to connect.
lua_ssl_trusted_certificate (Optional): If using HTTPS, you can also
specify a custom certificate authority with
using the system default CA,
you don’t need to change this value.
Reload Kong Gateway for the connection to take effect: