You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: content/docs/internals/connection.mdx
+11-7
Original file line number
Diff line number
Diff line change
@@ -10,21 +10,25 @@ import LongLivedConnections from '@site/content/docs/admonitions/_long-lived-con
10
10
11
11
# Connection Lifecycle
12
12
13
-
Pomerium enables proxying of HTTPand TCP connections, uniformly applying [access policies](/docs/capabilities/authorization) across these connections.
13
+
Pomerium enables proxying of HTTP, TCP, and UDP traffic, uniformly applying [access policies](/docs/capabilities/authorization) across the routed traffic.
14
14
15
15
The primary focus of this document is the management of transport layer connections in Pomerium, particularly HTTP requests.
16
16
17
-
## HTTP and TCP connection lifecyle
17
+
## HTTP connection lifecyle
18
18
19
-
### 1. **Downstream connection and TLS termination**
19
+
TCP and UDP traffic is tunneled over HTTP, so let's focus on the HTTP connection lifecycle.
20
20
21
-
A client, usually a web browser, initiates a connection to Pomerium.
21
+
### 1. **Downstream connection and TLS termination**
22
22
23
-
- This connection can be HTTP/1.1or HTTP/2.
23
+
-A client, usually a web browser, [Pomerium CLI](/docs/clients/pomerium-cli), or [Pomerium Desktop App](/docs/clients/pomerium-desktop), initiates a connection to Pomerium. This connection can be HTTP/1.1, HTTP/2, or HTTP/3.
24
24
25
25
:::tip **Note**
26
26
27
-
Pomerium currently does not support QUIC or HTTP/3 transports. Most modern browsers default to HTTP/2 connections for significant performance benefits. In rare circumstances, you may need to force HTTP/1.1 using the [`codec_type`](/docs/reference/codec-type) parameter.
27
+
HTTP/2 and HTTP/1.1 are allowed by default, with most modern browsers defaulting to HTTP/2.
28
+
29
+
HTTP/3 can be enabled by setting the [`codec_type`](/docs/reference/codec-type) parameter. This is recommended when proxying UDP traffic.
30
+
31
+
In rare circumstances, you may need to force HTTP/1.1 using the [`codec_type`](/docs/reference/codec-type) parameter.
28
32
29
33
:::
30
34
@@ -34,7 +38,7 @@ Pomerium currently does not support QUIC or HTTP/3 transports. Most modern brows
34
38
35
39
### 2. **Request initiation**
36
40
37
-
After the transport layer connection is established, the downstream client sends an HTTP request. The proxy parses this request, matches it against the configuration, and determines the upstream service to which the request should be forwarded.
41
+
After TLS handshakes are complete, the downstream client sends an HTTP request. The proxy parses this request, matches it against the configured routes, and determines the upstream service to which the request should be forwarded.
0 commit comments