envoy force SSL example envoy.yaml

static_resources:
   listeners:
   – address:
       socket_address:
         address: 0.0.0.0
         port_value: 80
     filter_chains:
     – filters:
       – name: envoy.http_connection_manager
         config:
           codec_type: auto
           stat_prefix: ingress_http
           route_config:
             virtual_hosts:
             – name: backend
               domains: [“*”]
               routes:
               – match: { prefix: “/” }
                 redirect:
                   path_redirect: “/”
                   https_redirect: true
           http_filters:
           – name: envoy.router
             config: {}
   – address:
       socket_address:
         address: 0.0.0.0
         port_value: 443
     filter_chains:
     – tls_context:
         common_tls_context:
           tls_certificates:
           – certificate_chain: { filename: “/etc/example-com.crt” }
             private_key: { filename: “/etc/example-com.key” }
       filters:
       – name: envoy.http_connection_manager
         config:
           stat_prefix: ingress_https
           route_config:
             virtual_hosts:
             – name: backend
               domains: [“*”]
               routes:
               – match: { prefix: “/” }
                 route: { cluster: target_taxgod }
           http_filters:
           – name: envoy.router
             config: {}
   clusters:
   – name: target_taxgod
     connect_timeout: 0.25s
     type: strict_dns
     lb_policy: round_robin
     hosts:
     – socket_address:
         address: taxgod
         port_value: 3000
admin:
   access_log_path: “/tmp/envoy.log”
   address:
     socket_address:
       address: 0.0.0.0
       port_value: 9901

careful in copy & pasting as WordPress messes up code! This is YAML, and whitespace sensitive

Reference: https://blog.turbinelabs.io/setting-up-ssl-with-envoy-f7c5aa06a5ce