36 lines
1.7 KiB
Plaintext
36 lines
1.7 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Service Mesh Proxy Overview
|
|
description: >-
|
|
In Consul service mesh, each service has a sidecar proxy that secures connections with other services in the mesh without modifying the underlying application code. You can use the built-in proxy, Envoy, or a custom proxy to handle communication and verify TLS connections.
|
|
---
|
|
|
|
# Service Mesh Proxy Overview
|
|
|
|
A Connect-aware proxy enables unmodified applications to use Connect. A
|
|
per-service proxy sidecar transparently handles inbound and outbound service
|
|
connections, automatically wrapping and verifying TLS connections. Consul
|
|
includes its own built-in L4 proxy and has first class support for Envoy. You
|
|
can choose other proxies to plug in as well. This section describes how to
|
|
configure Envoy or the built-in proxy using Connect, and how to integrate the
|
|
proxy of your choice.
|
|
|
|
To ensure that services only allow external connections established via
|
|
the Connect protocol, you should configure all services to only accept connections on a loopback address.
|
|
|
|
~> **Deprecation Note:** Managed Proxies are a deprecated method for deploying
|
|
sidecar proxies, and have been removed in Consul 1.6. See [managed proxy
|
|
deprecation](/docs/connect/proxies/managed-deprecated) for more
|
|
information. If you are using managed proxies we strongly recommend that you
|
|
switch service definitions for registering proxies.
|
|
|
|
## Dynamic Upstreams Require Native Integration
|
|
|
|
If an application requires dynamic dependencies that are only available
|
|
at runtime, it must [natively integrate](/docs/connect/native)
|
|
with Connect. After natively integrating, the HTTP API or
|
|
[DNS interface](/docs/discovery/dns#connect-capable-service-lookups)
|
|
can be used.
|
|
|
|
!> Connect proxies do not currently support dynamic upstreams.
|