Egress traffic shaping

Hi all

I’m not a user of kong, but intend to evaluate it for a specific use case. We run a SaaS that talks heavily to another SaaS, and would like to shape the traffic according to budgets we assign to tenants. The communication with the southbound SaaS is over https (possibly with certificate pinning).

I’d like to consider using Kong as an outbound proxy. I’d like to workout whether i can use it as

  1. A direct HTTPS termination endpoint, or
  2. A passthrough endpoint between an SSL termination and reencryption endpoint.

We do send a lot of traffic, but it’s quite bursty.

I do have some tools in the arsenal - I have control over the end-to-end network stack of the southbound traffic.

I don’t see a lot of egress experiences in this forum, so I hope you’ll appreciate the challenge.


Let me see if I am getting this right:

  1. Kong exposed on HTTPS, reverse proxying then to host over cleartext. I do this already in a few cases.

  2. Not sure I follow, maybe cause I am tired out my my normal timezone atm hah :slight_smile: . But This flow is:

client(Acting as SSL termination, so it took in TLS and strips it before sending on) -> {HTTP} -> Kong(so it accepts http call) -> {TLS} -> Re-encrypt endpoint api? , If so seems fine to me.

1 Like