如何将特使配置为转发(出口)代理
how to configure envoy as forward (egress) proxy
我正在尝试将 envoy 配置为 Egress 代理。我正在使用以下配置
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 10000 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
http_filters:
- name: envoy.filters.http.router
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route: { cluster: http_default }
clusters:
- name: http_default
connect_timeout: 6s
type: ORIGINAL_DST
lb_policy: CLUSTER_PROVIDED
我正在本地笔记本电脑 (OSX 11.6.1) 上测试它。
我运行envoy使用以上配置:
envoy -c test.yaml
并且 envoy 开始监听 10000 端口
netstat -an | grep 10000
tcp4 0 0 *.10000 *.* LISTEN
我正在尝试 curl 命令
curl -x http://127.0.0.1:10000 http://proton4.eng.vmware.com
no healthy upstream%
http://proton4.eng.vmware.com 已启动并且 运行.
curl -v http://proton4.eng.vmware.com
* Trying 10.20.119.220...
* TCP_NODELAY set
* Connected to proton4.eng.vmware.com (10.20.119.220) port 80 (#0)
> GET / HTTP/1.1
> Host: proton4.eng.vmware.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Wed, 17 Nov 2021 03:30:57 GMT
< Content-Type: text/html
< Content-Length: 1456
< Last-Modified: Thu, 21 Jan 2021 00:38:26 GMT
< Connection: keep-alive
< ETag: "6008cd02-5b0"
< Accept-Ranges: bytes
谁能帮我配置envoy?
以下配置适用于 http 代理。
admin:
address:
socket_address:
protocol: TCP
address: 127.0.0.1
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/force-host-rewrite"
route:
cluster: dynamic_forward_proxy_cluster
typed_per_filter_config:
envoy.filters.http.dynamic_forward_proxy:
"@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
host_rewrite_literal: www.example.org
- match:
prefix: "/"
route:
cluster: dynamic_forward_proxy_cluster
http_filters:
- name: envoy.filters.http.dynamic_forward_proxy
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: dynamic_forward_proxy_cluster
lb_policy: CLUSTER_PROVIDED
cluster_type:
name: envoy.clusters.dynamic_forward_proxy
typed_config:
"@type": type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
validation_context:
trusted_ca: {filename: /usr/local/Cellar/ca-certificates/2021-10-26/share/ca-certificates/cacert.pem}
我正在使用 osx 11.6.1 和
envoy version: 96701cb24611b0f3aac1cc0dd8bf8589fbdf8e9e/1.20.0/Modified/RELEASE/BoringSSL
我们要在 mac.
上安装 ca 证书
brew install ca-certificate
现在尝试代理 www.example.com
curl -x http://127.0.0.1:10000 http://example.com
<!doctype html>
<html>
<head>
<title>Example Domain</title>
<meta charset="utf-8" />
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style type="text/css">
body {
我正在尝试将 envoy 配置为 Egress 代理。我正在使用以下配置
static_resources:
listeners:
- name: listener_0
address:
socket_address: { address: 0.0.0.0, port_value: 10000 }
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
access_log:
- name: envoy.access_loggers.stdout
typed_config:
"@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StdoutAccessLog
http_filters:
- name: envoy.filters.http.router
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match: { prefix: "/" }
route: { cluster: http_default }
clusters:
- name: http_default
connect_timeout: 6s
type: ORIGINAL_DST
lb_policy: CLUSTER_PROVIDED
我正在本地笔记本电脑 (OSX 11.6.1) 上测试它。
我运行envoy使用以上配置:
envoy -c test.yaml
并且 envoy 开始监听 10000 端口
netstat -an | grep 10000
tcp4 0 0 *.10000 *.* LISTEN
我正在尝试 curl 命令
curl -x http://127.0.0.1:10000 http://proton4.eng.vmware.com
no healthy upstream%
http://proton4.eng.vmware.com 已启动并且 运行.
curl -v http://proton4.eng.vmware.com
* Trying 10.20.119.220...
* TCP_NODELAY set
* Connected to proton4.eng.vmware.com (10.20.119.220) port 80 (#0)
> GET / HTTP/1.1
> Host: proton4.eng.vmware.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx/1.14.0 (Ubuntu)
< Date: Wed, 17 Nov 2021 03:30:57 GMT
< Content-Type: text/html
< Content-Length: 1456
< Last-Modified: Thu, 21 Jan 2021 00:38:26 GMT
< Connection: keep-alive
< ETag: "6008cd02-5b0"
< Accept-Ranges: bytes
谁能帮我配置envoy?
以下配置适用于 http 代理。
admin:
address:
socket_address:
protocol: TCP
address: 127.0.0.1
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/force-host-rewrite"
route:
cluster: dynamic_forward_proxy_cluster
typed_per_filter_config:
envoy.filters.http.dynamic_forward_proxy:
"@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
host_rewrite_literal: www.example.org
- match:
prefix: "/"
route:
cluster: dynamic_forward_proxy_cluster
http_filters:
- name: envoy.filters.http.dynamic_forward_proxy
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
clusters:
- name: dynamic_forward_proxy_cluster
lb_policy: CLUSTER_PROVIDED
cluster_type:
name: envoy.clusters.dynamic_forward_proxy
typed_config:
"@type": type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
common_tls_context:
validation_context:
trusted_ca: {filename: /usr/local/Cellar/ca-certificates/2021-10-26/share/ca-certificates/cacert.pem}
我正在使用 osx 11.6.1 和
envoy version: 96701cb24611b0f3aac1cc0dd8bf8589fbdf8e9e/1.20.0/Modified/RELEASE/BoringSSL
我们要在 mac.
上安装 ca 证书brew install ca-certificate
现在尝试代理 www.example.com
curl -x http://127.0.0.1:10000 http://example.com
<!doctype html>
<html>
<head>
<title>Example Domain</title>
<meta charset="utf-8" />
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style type="text/css">
body {