Skip to main content

tls proxy

tls proxy

The tls proxy binding detects ClientHello server_name extension to provide TLS virtual hosting by routing based on server name.

tls_proxy:
  type: tls
  kind: proxy

Configuration (* required)

vault

string

Vault name.

routes*

array of object

Conditional tls specific routes.

routes:
  - when:
      - alpn: echo
  exit: echo_server

routes[].guarded

object as map of named array of string

List of roles required by each named guard to authorize this route.

routes:
  - guarded:
      my_guard:
        - read:items

routes[].when

array of object

List of conditions (any match) to match this route. Read more: When a route matches

routes:
  - when:
      - alpn: echo

when[].authority

string

Associated authority.

when[].alpn

string

Application protocol.

when[].port

integer, string, array

Port number(s), including port number ranges.

routes[].exit

string

Next binding when following this route.

routes:
  - when:
    ...
    exit: echo_server

exit

string

Default exit binding when no conditional routes are viable.

exit: echo_server

telemetry

object

Defines the desired telemetry for the binding.

telemetry.metrics

array

Telemetry metrics to track

telemetry:
  metrics:
    - stream.*
© aklivity, inc. 2023-2024