github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #11608 from hashicorp/proxy-codeblocks 

docs: updated proxy page to use new codeblock
pull/11614/head
mrspanishviking 2021-11-18 17:26:21 -08:00 committed by GitHub
parent dd4a59db8e d4cbe68913
commit 5c33003eb2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
website/content/docs/connect/proxies/integrate.mdx
View File

@ -32,20 +32,24 @@ The proxy must accept TLS connections on some port to accept inbound connections
Call the [`/v1/agent/connect/ca/leaf/`] API endpoint to obtain the client certificate, e.g.:
```shell-session
curl http://<host-ip>:8500/v1/agent/connect/ca/leaf/<service-name>
<CodeBlockConfig language="shell-session">
```shell
$ curl http://<host-ip>:8500/v1/agent/connect/ca/leaf/<service-name>
```
</CodeBlockConfig>
The client certificate from the inbound connection must be validated against the Connect CA root certificates. Call the [`/v1/agent/connect/ca/roots`] endpoint to obtain the root certificates from the Connect CA, e.g.:
```shell-session
curl http://<host-ip>:8500/v1/agent/connect/ca/roots
<CodeBlockConfig language="shell-session">
```shell
$ curl http://<host-ip>:8500/v1/agent/connect/ca/roots
```
</CodeBlockConfig>
### Authorizing the connection
After validating the client certificate from the caller, the proxy can authorize the entire connection (L4) or each request (L7). Depending upon the [protocol] of the proxied service, authorization is performed either on a per-connection (L4) or per-request (L7) basis. Authentication is based on "service identity" (TLS), and is implemented at the
@ -176,7 +180,7 @@ Alternatively, you may also use the flags `-token` or `-token-file` to provide t
<CodeBlockConfig language="shell-session">
```shell
consul connect envoy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
$ consul connect envoy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
```
</CodeBlockConfig>
@ -184,7 +188,7 @@ Alternatively, you may also use the flags `-token` or `-token-file` to provide t
<CodeBlockConfig >
```shell
$ consul connect proxy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
$ consul connect proxy -sidecar-for "web" -token-file=/etc/consul.d/consul.token
```
</CodeBlockConfig>