
[HELP!!!] Can envoy be configured to use a second http/https proxy

Open xiaoxuanyo opened this issue 1 year ago • 7 comments

Title: Can envoy be configured to use a second http/https proxy

Description: I am using envoy as an edge proxy. There is a use case where the whole network is behind an http proxy (supports HTTP over connect). Is there a way to have envoy redirect to this second proxy?

i.e. client(http/https,xxx.com)->envoy->[http proxy2]->xxx.com

Does envoy honor the HTTP_PROXY/HTTPS_PROXY/NO_PROXY environment variables? Is there another way?

xiaoxuanyo avatar May 14 '24 10:05 xiaoxuanyo

@alyssawilk probably understands this.

ravenblackx avatar May 14 '24 15:05 ravenblackx

Envoy can both forward CONNECT requests, encapsulate traffic in CONNECT and terminate CONNECT. Please check out https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades

alyssawilk avatar May 14 '24 15:05 alyssawilk

> Envoy can both forward CONNECT requests, encapsulate traffic in CONNECT and terminate CONNECT. Please check out https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades

@alyssawilk What I want to achieve is that all http/https traffic in this pod must go through my clash client proxy service before accessing the target website, so I want to use EnvoyFilter to achieve it, but I really understand too little about this.

For example, I want to intercept all http/https export traffic of the pod labeled app, and forward this part of the traffic to my clash client proxy server (assuming the address is http://a.b.c.com:40001, supporting HTTP over connect), but I am a complete novice on envoy-related knowledge. Can you help show me how to implement the code? I will be very grateful~~~

xiaoxuanyo avatar May 14 '24 16:05 xiaoxuanyo

> Envoy can both forward CONNECT requests, encapsulate traffic in CONNECT and terminate CONNECT. Please check out https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades

@alyssawilk What I want to achieve is that all http/https traffic in this pod must go through my clash client proxy service before accessing the target website, so I want to use EnvoyFilter to achieve it, but I really understand too little about this.

For example, I want to intercept all http/https export traffic of the pod labeled app, and forward this part of the traffic to my clash client proxy server (assuming the address is http://a.b.c.com:40001, supporting HTTP over connect), but I am a complete novice on envoy-related knowledge. Can you help show me how to implement the code? I will be very grateful~~~

The following is what I learned from some information I searched before:

apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: test
  namespace: apps
spec:
  workloadSelector:
    labels:
      app.kubernetes.io/name: app
  configPatches:
    - applyTo: NETWORK_FILTER
      match:
        context: SIDECAR_OUTBOUND
        listener:
          portNumber: 443
          filterChain:
            filter:
              name: "envoy.filters.network.tcp_proxy"
      patch:
        operation: MERGE
        value:
          name: "envoy.filters.network.tcp_proxy"
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
            stat_prefix: "outbound_tcp_443"
            cluster: proxy_cluster
            tunneling_config:
              hostname: "%REQUESTED_SERVER_NAME%:443"
    - applyTo: NETWORK_FILTER
      match:
        context: SIDECAR_OUTBOUND
        listener:
          portNumber: 80
          filterChain:
            filter:
              name: "envoy.filters.network.tcp_proxy"
      patch:
        operation: MERGE
        value:
          name: "envoy.filters.network.tcp_proxy"
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
            stat_prefix: "outbound_tcp_80"
            cluster: proxy_cluster
    - applyTo: CLUSTER
      match:
        context: SIDECAR_OUTBOUND
      patch:
        operation: ADD
        value:
          name: proxy_cluster
          type: STRICT_DNS
          lb_policy: ROUND_ROBIN
          load_assignment:
            cluster_name: proxy_cluster
            endpoints:
              - lb_endpoints:
                  - endpoint:
                      address:
                        socket_address:
                          address: a.b.c.com
                          port_value: 40001

But it doesn't work. I don't quite understand how to modify it, even though I checked a lot of information.

xiaoxuanyo avatar May 14 '24 16:05 xiaoxuanyo

@alyssawilk could you help me~ 0.0

xiaoxuanyo avatar May 15 '24 01:05 xiaoxuanyo

apologies, but I think you're going to have to play around - I'm unfortunately too overloaded to dig in the way I'd need to to help out.

alyssawilk avatar May 15 '24 13:05 alyssawilk

> apologies, but I think you're going to have to play around - I'm unfortunately too overloaded to dig in the way I'd need to to help out.

OK, Thanks.

xiaoxuanyo avatar May 15 '24 15:05 xiaoxuanyo