Skip to content

Instantly share code, notes, and snippets.

@alexeldeib

alexeldeib/envoy.yaml

Last active March 17, 2023 18:41
Show Gist options
  • Save alexeldeib/757e972d7473ae421660e63827051a82 to your computer and use it in GitHub Desktop.
Save alexeldeib/757e972d7473ae421660e63827051a82 to your computer and use it in GitHub Desktop.
Download ZIP
envoy https + https proxy connect listener
Raw
envoy.yaml
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address:
address: 127.0.0.1
protocol: TCP
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address:
address: 127.0.0.1
protocol: TCP
port_value: 3128
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: http
domains:
- '*'
routes:
- match:
connect_matcher: {}
route:
cluster: dynamic_forward_proxy_cluster_tls
upgrade_configs:
- upgrade_type: CONNECT
connect_config: {}
typed_per_filter_config:
envoy.filters.http.dynamic_forward_proxy:
'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
host_rewrite_header: X-Host-Port
- match:
prefix: /
route:
cluster: dynamic_forward_proxy_cluster
typed_per_filter_config:
envoy.filters.http.dynamic_forward_proxy:
'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
host_rewrite_header: X-Host-Port
http_filters:
- name: envoy.filters.http.dynamic_forward_proxy
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
- name: envoy.filters.http.router
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
http2_protocol_options:
allow_connect: true
upgrade_configs:
- upgrade_type: CONNECT
- name: listener_1
address:
socket_address:
address: 127.0.0.1
protocol: TCP
port_value: 3129
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: http
domains:
- '*'
routes:
- match:
connect_matcher: {}
route:
cluster: dynamic_forward_proxy_cluster_tls
upgrade_configs:
- upgrade_type: CONNECT
connect_config: {}
typed_per_filter_config:
envoy.filters.http.dynamic_forward_proxy:
'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
host_rewrite_header: X-Host-Port
- match:
prefix: /
route:
cluster: dynamic_forward_proxy_cluster
typed_per_filter_config:
envoy.filters.http.dynamic_forward_proxy:
'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
host_rewrite_header: X-Host-Port
http_filters:
- name: envoy.filters.http.dynamic_forward_proxy
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
- name: envoy.filters.http.router
typed_config:
'@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
http2_protocol_options:
allow_connect: true
upgrade_configs:
- upgrade_type: CONNECT
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
'@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
common_tls_context:
tls_certificates:
- certificate_chain:
filename: "/opt/actions/envoyc.pem"
private_key:
filename: "/opt/actions/envoyk.pem"
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
clusters:
- name: dynamic_forward_proxy_cluster
connect_timeout: 1s
lb_policy: CLUSTER_PROVIDED
cluster_type:
name: envoy.clusters.dynamic_forward_proxy
typed_config:
'@type': type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
- name: dynamic_forward_proxy_cluster_tls
connect_timeout: 1s
lb_policy: CLUSTER_PROVIDED
cluster_type:
name: envoy.clusters.dynamic_forward_proxy
typed_config:
'@type': type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
'@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
validation_context:
trusted_ca:
filename: /etc/ssl/certs/ca-certificates.crt
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment