Comments (7)
ravenblackx
commented on June 16, 2024
@alyssawilk probably understands this.
from envoy.
alyssawilk
commented on June 16, 2024
Envoy can both forward CONNECT request, encapsulate traffic in CONNECT and terminate CONNECT.
Please check out https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades
from envoy.
xiaoxuanyo
commented on June 16, 2024
Envoy can both forward CONNECT request, encapsulate traffic in CONNECT and terminate CONNECT. Please check out https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades
@alyssawilk I want to achieve is that all http/https in this pod must go through my clash client proxy service before accessing the target website. , so I want to use EnvoyFilter to achieve it, but I really understand too little about this.
For example, I want to intercept all http/https export traffic of the pod labeled app, and forward this part of the traffic to my clash client proxy server (assuming the address is http://a.b.c.com:40001, supporting HTTP over connect ), but I am a complete novice on envoy-related knowledge. Can you help show me how to implement the code? I will be very grateful~~~
from envoy.
xiaoxuanyo
commented on June 16, 2024
Envoy can both forward CONNECT request, encapsulate traffic in CONNECT and terminate CONNECT. Please check out https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades
@alyssawilk I want to achieve is that all http/https in this pod must go through my clash client proxy service before accessing the target website. , so I want to use EnvoyFilter to achieve it, but I really understand too little about this.
For example, I want to intercept all http/https export traffic of the pod labeled app, and forward this part of the traffic to my clash client proxy server (assuming the address is http://a.b.c.com:40001, supporting HTTP over connect ), but I am a complete novice on envoy-related knowledge. Can you help show me how to implement the code? I will be very grateful~~~
The following is what I learned from some information I searched before:
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
name: test
namespace: apps
spec:
workloadSelector:
labels:
app.kubernetes.io/name: app
configPatches:
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_OUTBOUND
listener:
portNumber: 443
filterChain:
filter:
name: "envoy.filters.network.tcp_proxy"
patch:
operation: MERGE
value:
name: "envoy.filters.network.tcp_proxy"
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
stat_prefix: "outbound_tcp_443"
cluster: proxy_cluster
tunneling_config:
hostname: "%REQUESTED_SERVER_NAME%:443"
- applyTo: NETWORK_FILTER
match:
context: SIDECAR_OUTBOUND
listener:
portNumber: 80
filterChain:
filter:
name: "envoy.filters.network.tcp_proxy"
patch:
operation: MERGE
value:
name: "envoy.filters.network.tcp_proxy"
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
stat_prefix: "outbound_tcp_80"
cluster: proxy_cluster
- applyTo: CLUSTER
match:
context: SIDECAR_OUTBOUND
patch:
operation: ADD
value:
name: proxy_cluster
type: STRICT_DNS
lb_policy: ROUND_ROBIN
load_assignment:
cluster_name: proxy_cluster
endpoints:
- lb_endpoints:
- endpoint:
address:
socket_address:
address: a.b.c.com
port_value: 40001
But it doesn't work. I don't quite understand how to modify it, even though I checked a lot of information.
from envoy.
xiaoxuanyo
commented on June 16, 2024
@alyssawilk could you help me~ 0.0
from envoy.
alyssawilk
commented on June 16, 2024
apologies, but I think you're going to have to play around - I'm unfortunately too overloaded to dig in the way I'd need to to help out.
from envoy.
xiaoxuanyo
commented on June 16, 2024
apologies, but I think you're going to have to play around - I'm unfortunately too overloaded to dig in the way I'd need to to help out.
OK, Thanks.
from envoy.
Related Issues (20)
- CI failing frequently "The Build Event Protocol upload failed" HOT 1
- Export Common Duration Metrics HOT 4
- External Authz filter is not rewriting Host and does not work for an Ext server behind LB HOT 7
- Unable to access filter state from with Golang filter HOT 4
- Support sanitizing specified headers in tap filter output HOT 1
- Support sending tapped streams into a single file sink in tap filter HOT 1
- Envoy crash using CDS with dynamic configuration from filesystem
- EnvoyFilter RateLimit pattern regex not working , need help! HOT 7
- Didn't find a registered implementation for 'ip-matcher' with type URL: 'xds.type.matcher.v3.IPMatcher' HOT 5
- Newer release available `com_github_bufbuild_buf`: v1.32.0 (current: v1.31.0) HOT 1
- Newer release available `com_github_grpc_grpc`: v1.64.0 (current: v1.62.1)
- Newer release available `rules_rust`: 0.45.1 (current: 0.35.0)
- Error when setting up Envoy as a forward proxy. HOT 3
- [Jwt_authn filter] access token is giving Jwt verification fails error HOT 2
- Cross instances local rate limit filter HOT 11
- Increasing `max_request_headers_kb` in HCM not working properly HOT 5
- Fedora 40: failed build clang-18 HOT 4
- Allows to preserve the exsting authorization header when oauth2 filter is in the request path HOT 3
- [help!] envoy forwards traffic to the tcp secondary transparent proxy through tcp_proxy, but before envoy receives the response, the tcp secondary transparent proxy sends a FIN and disconnects the connection. HOT 2
- Newer release available `com_github_nghttp2_nghttp2`: v1.62.1 (current: v1.62.0)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from envoy.