skiptomyliu
/ ingress.yaml
Created
July 4, 2018 23:23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: echoserver | |
| namespace: echoserver | |
| annotations: | |
| kubernetes.io/ingress.class: nginx | |
| spec: | |
| tls: | |
| - hosts: |
skiptomyliu
/ dynamic_fwd_http_sni.yaml
Last active
December 24, 2022 11:06
Dynamic Forward Proxy HTTP + SNI
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Transparent Envoy Proxy that forwards http/https | |
| # Create iptables to route 80 + 443 to 10000: | |
| # $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 443 -j REDIRECT --to-port 10000 | |
| # $ iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner envoyuser --dport 80 -j REDIRECT --to-port 10000 | |
| # Run envoy | |
| # $ envoy -c dynamic_fwd_http_sni.yaml -l debug | |
| admin: | |
| access_log_path: /home/envoyuser/admin/admin_access.log | |
| address: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| admin: | |
| access_log_path: /tmp/admin_access.log | |
| address: | |
| socket_address: | |
| protocol: TCP | |
| address: 127.0.0.1 | |
| port_value: 9901 | |
| static_resources: | |
| listeners: | |
| - name: listener_2 |
skiptomyliu
/ envoy_tcp_dns_rbac.yaml
Last active
April 13, 2021 23:31
Envoy original dst cluster with DNS and RBAC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Corresponding iptables rules: | |
| ##!/bin/bash | |
| #sudo iptables -t nat -F | |
| #sudo iptables --table nat --new-chain INTERNAL_TRAFFIC | |
| ## dont forward root traffic and envoyuser traffic | |
| #sudo iptables --table nat --append INTERNAL_TRAFFIC -m owner --uid-owner root -j RETURN | |
| #sudo iptables --table nat --append INTERNAL_TRAFFIC -m owner --uid-owner envoyuser -j RETURN | |
| ## trap ubuntu user traffic |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # This is a quick dirty python3 translation of https://code.activestate.com/recipes/577643-transparent-http-tunnel-for-python-sockets-to-be-u/ | |
| import socket | |
| # Class that wraps a real socket and changes it to a HTTP tunnel whenever a connection is asked via the "CONNECT" method | |
| class ProxySock : | |
| def __init__(self, socket, proxy_host, proxy_port) : |
OlderNewer