qwzhou89 commented on issue #9823: URL: https://github.com/apache/apisix/issues/9823#issuecomment-1641848696
> Can you provide the configuration used and the details of the authorization error? This one is more difficult. Let me ask the question differently. https://apisix.apache.org/docs/apisix/stream-proxy/#proxy-to-tls-over-tcp-upstream It's written inside the document linked above: >APISIX also supports proxying to TLS over TCP upstream. > ```shell curl http://127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "upstream": { "scheme": "tls", "nodes": { "127.0.0.1:1995": 1 }, "type": "roundrobin" } }' ``` >By setting the scheme to "tls", APISIX will do TLS handshake with the upstream. I would like to know if it supports configuring client_key and client_cert to be used for mtls communication with upstream? If it does, how do I configure it, like this? ```shell curl http://127.0.0.1:9180/apisix/admin/stream_routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "upstream": { "scheme": "tls", "nodes": { "127.0.0.1:1995": 1 }, "tls": { "client_cert": "YOUR UPSTREAM CLIENT CERT", "client_key": "YOUR UPSTREAM CLIENT KEY" }, "type": "roundrobin" } }' ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
