Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-7967

APIcast does not support using a proxy to connect with upstreams not defined as Private Base URL

XMLWordPrintable

    • False
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Hide

      in APIcast, configure:
      THREESCALE_PORTAL_ENDPOINT=https://<ACCESS_TOKEN>@<EXTERNAL_ROUTE>:443/master/api/proxy/configs
      HTTPS_PROXY=<SOME_PROXY>

      Show
      in APIcast, configure: THREESCALE_PORTAL_ENDPOINT=https://<ACCESS_TOKEN>@<EXTERNAL_ROUTE>:443/master/api/proxy/configs HTTPS_PROXY=<SOME_PROXY>

      When APIcast is configured with https_proxy, and the environment variable THREESCALE_PORTAL_ENDPOINT is configured to the value of the OpenShift route, the connection to fetch the json configuration will go through the proxy, however DNS resolution is still performed on the gateway, so the proxy will receive a CONNECT request similar to the following:

      CONNECT 165.71.36.168:80 HTTP/1.1
Host: server.example.com:80

      According to the spec: https://httpwg.org/specs/rfc7231.html#CONNECT and https://httpwg.org/specs/rfc7230.html#request-target

      We would expect the DNS resolution to be offloaded to the proxy, and the CONNECT to look like:

      CONNECT server.example.com:80 HTTP/1.1
Host: server.example.com:80

      The expected behaviour matches what we currently do in our http_proxy policy, where no resolution is applied on APIcast.

      The same should apply for request to the 3scale backend.

            Unassigned Unassigned
            rhn-support-sillumin Samuele Illuminati (Inactive)
            Jakub Urban Jakub Urban
            Kevin Price Kevin Price
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: