Docs for HTTPS scenarios #305

@Tratcher

I'm aggregating some notes here from a variety of issues, questions, discussions, etc. around the HTTPS/TLS capabilities of YARP. These should eventually be written up into a doc.

General:

  • Inbound and outbound TLS are independent.
  • TLS offloading = inbound HTTPS and outbound HTTP
  • No tunneling support

Inbound

  • server specific, link to docs for each, summarize capabilities, more details for Kestrel as it has more extensibility
  • SNI
  • hot cert swapping (via SNI callback)
  • TLS versions
  • perfect score TLS config
  • Let's Encrypt
  • log/filter protocols after handshake
  • advanced protocol filters before handshake

Outbound

  • HTTPS enabled by specifying it in the destination server address
  • uses the destination address host name by default. You'll get a TLS error if it's expecting the original host
  • There's a transform rule to use the original host, or header transform to use an arbitrary host.
  • needs valid certs
  • customize HttpClient settings (not yet, Configuring the HttpClientHandler (& Client Certs) #137)
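
The outbound host-name behaviour listed above, as an added configuration example that is not part of the original issue or the YARP docs. It assumes the appsettings.json schema of released YARP versions; the route ids, cluster id, paths and host names are constructed placeholders.

```json
{
  "ReverseProxy": {
    "Routes": {
      // Default: the outbound request uses the destination host name
      // (backend.internal.example), so the backend must accept that host
      // and present a valid certificate for it.
      "default-host": {
        "ClusterId": "backend",
        "Match": { "Path": "/default/{**catch-all}" }
      },
      // Backend expects the host name the client originally requested.
      "original-host": {
        "ClusterId": "backend",
        "Match": { "Path": "/original/{**catch-all}" },
        "Transforms": [ { "RequestHeaderOriginalHost": "true" } ]
      },
      // Backend expects an arbitrary fixed host name (placeholder value).
      "fixed-host": {
        "ClusterId": "backend",
        "Match": { "Path": "/fixed/{**catch-all}" },
        "Transforms": [ { "RequestHeader": "Host", "Set": "api.example.com" } ]
      }
    },
    "Clusters": {
      "backend": {
        "Destinations": {
          // The https:// scheme in the address is what enables outbound TLS;
          // an http:// address here with an HTTPS listener would be TLS offloading.
          "d1": { "Address": "https://backend.internal.example/" }
        }
      }
    }
  }
}
```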
