Amazon API Gateway
You can deploy fabio as the target of an Amazon API Gateway.
or behind an ELB with PROXY protocol support:
You can authenticate calls from the API Gateway with a client certificate. This requires that you configure an HTTPS listener on fabio with a valid certificate.
To enable fabio to validate the Amazon
generated certificate you need to configure the
aws.apigw.cert.cn as follows:
proxy.addr = 126.96.36.199:9999;your/cert.pem;your/key.pem;api-gw-cert.pem aws.apigw.cert.cn = ApiGateway
api-gw-cert.pem is the certificate generated in the AWS Management Console.
is the certificate/key pair for the HTTPS certificate. Since the Amazon API Gateway certificates don’t have the
CA flag set fabio needs to trust them for the client certificate authentication to work. Otherwise, you will get an
TLS handshake error: failed to verify client's certificate. See Issue 108 for details.
aws.apigw.cert.cn parameter will not be supported in version 1.2 and later which support dynamic certificate stores. You will have to add the
caupgcn=ApiGateway parameter to the certificate source configuration instead. See Certificate Stores for more detail.