Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SSL passthrough #1254

Open
aschepis opened this issue Apr 27, 2017 · 1 comment
Open

Add support for SSL passthrough #1254

aschepis opened this issue Apr 27, 2017 · 1 comment
Labels
enhancement

Comments

@aschepis
Copy link

It would simplify the configuration of some deployments of linkerd had the option of passing through SSL connections instead of trying to terminate and route it.

In my case I have a kubernetes cluster running l5d as a daemonset. The outgoing port is used to resolve both internal (k8s services) and external (AWS APIs, etc) endpoints. Not all tools/applications respect the conventional http_proxy and https_proxy environment variables. For instance JRuby (9.1.7.0) does not look at the https_proxy environment variable and just uses http_proxy. As a result, you can run into scenarios where SSL is sent to the http_proxy.

When this occurs, linkerd forwards along the CONNECT HTTP method (https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling) to the endpoint (e.g. AWS) resulting in a 400 Bad Request.
@adleong
Copy link
Member

adleong commented May 3, 2017

linkerd-tcp can already do this.

Adding this functionality to linkerd is more difficult and would require finagle and netty changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aschepis @adleong