How to do forward proxying using Apigee Edge for t...

Report Inappropriate Content · ‎08-17-2015

When you use an HTTP forward proxy between Edge and the backend target servers, then you have to configure the Outbound Proxy Settings properties on Edge. These properties configure the Message Processors to route target requests from Edge to the HTTP forward proxy. To configure the Message Processor, edit the http.properties of the Message Processor in the file:

/instal-dir/apigee4/conf/apigee/message-processor/http.properties

Outbound Proxy Settings

HTTPClient.proxy.type=HTTP
- Specifies the type of the HTTP proxy. It can be HTTP or HTTPS. If this property is commented out, it is treated as HTTP.
HTTPClient.proxy.host=skyl
- Specifies the host name or IP address on which HTTP proxy is running.
HTTPClient.proxy.port=4321
- Specifies the port on which HTTP proxy is running. if this property is commented out, it is treated as 80 for HTTP and 443 for HTTPS.
HTTPClient.proxy.user=scot and HTTPClient.proxy.password=tiger
- If the HTTP proxy requires basic-authentication, then use these properties to provide authorization details.

If the HTTP forward proxy is configured, then all traffic going from API proxies to backend targets goes through the specified HTTP forward proxy. If the traffic for a specific target should go directly to the target, bypassing the forward proxy, then set the following target transport property in the Target Endpoint to override the HTTP forward proxy:

<Property name="use.proxy">false</Property>

If you don't want any targets to use the HTTP forward proxy by default, you can specify it http.properties as below:

HTTPClient.use.proxy=false

Then set use.proxy to true for any Target Endpoint that you want to go through an HTTP forward proxy:

<Property name="use.proxy">true</Property>

By default Edge uses tunneling for the traffic to HTTPProxy. To disable tunneling, specify following in http.properties:

HTTPClient.use.tunneling=false

If for a specific target, you want to disable tunneling, then use the following target transport property (If the target uses SSL, then this property is ignored, and the message is always sent via a tunnel.):

<Property name="use.proxy.tunneling">false</Property>

For Edge itself to act as the forward proxy - receiving request from the backend services and routing them to the internet outside of the enterprise - first set up an API proxy on Edge . The backend service can then make a request to the API proxy, which can then connect to external services.

chiki_sun · ‎04-20-2016

hi if I want to do the same in the 16.01, do I just add these to the /opt/apigee/customer/application/message-processor.properties ?

HTTPClient.proxy.type=HTTP

Specifies the type of the HTTP proxy. It can be HTTP or HTTPS. If this property is commented out, it is treated as HTTP.

HTTPClient.proxy.host=skyl

Specifies the host name or IP address on which HTTP proxy is running.

HTTPClient.proxy.port=4321

Specifies the port on which HTTP proxy is running. if this property is commented out, it is treated as 80 for HTTP and 443 for HTTPS.

HTTPClient.proxy.user=scot and HTTPClient.proxy.password=tiger

Report Inappropriate Content · ‎04-20-2016

Here are the properties which you need to set in /opt/apigee/customer/application/message-processor.properties to enable the forward proxy:

conf/http.properties+HTTPClient.proxy.type=HTTP

conf/http.properties+HTTPClient.proxy.host=xxxxx

conf/http.properties+HTTPClient.proxy.port=3128

conf/http.properties+HTTPClient.proxy.user=xxxxx

conf/http.properties+HTTPClient.proxy.password=xxxxx

conf_http_HTTPClient.use.proxy=true

conf_http_HTTPClient.use.tunneling=false

Hope this helps.

kctreacy · ‎04-27-2016

Can you please confirm/verify the syntax. The first convention described in your response uses 'conf/http.properties+' as the property name prefix and the second one uses 'conf_http_' as the property name prefix. Are there really two different conventions?

david_ryan · ‎04-29-2016

If you run this:

grep -ir "proxy" /opt/apigee/edge-message-processor/source/conf/http.properties

you will see the convention used. Take the value between the {T}'s and that is the name you use. for example:

#HTTPClient.proxy.type={T}conf_http_HTTPClient.proxy.type{/T}

In your /opt/apigee/customer/application/message-processor.properties you would set:

conf_http_HTTPClient.proxy.type=HTTP

Report Inappropriate Content · ‎04-29-2016

yes, both of them are different convention as '+' is used to add the new properties in a file which are commented out by default (#HTTPClient.proxy.type=HTTP) and '_' is used to override the existing value of a property which is not commented out by default (HTTPClient.use.proxy=false)

Hope this clarifies the confusion about the syntax used in earlier answer.

Thanks,

Archendra

david_ryan · ‎05-02-2016

@archendra - The " '+' is used to add the new properties in a file which are commented out by default" is a surprise and not documented which explains why my configuration wasn't taking when setting the host, type and port. This should be documented. Maybe in the /opt/apigee/customer/README.md?

cc: @sgilson

Report Inappropriate Content · ‎05-02-2016

i am now quite confused... the guide says nothing about the + syntax....

david_ryan · ‎05-20-2016

@Benjamin Goldman - Can you clarify something for us?

If your setting the property in the api proxy code is it the former as you stated above

<Property name="use.proxy.tunneling">false</Property>

or

<Property name="use.tunneling">false</Property>

How to do forward proxying using Apigee Edge for the Private Cloud?

Outbound Proxy Settings