{"id":6987,"date":"2019-01-16T21:15:07","date_gmt":"2019-01-16T20:15:07","guid":{"rendered":"https:\/\/pi3g.com\/?p=6987"},"modified":"2019-01-16T21:19:26","modified_gmt":"2019-01-16T20:19:26","slug":"envoy-yaml-example-for-http-and-https-rewriting","status":"publish","type":"post","link":"https:\/\/pi3g.com\/de\/envoy-yaml-example-for-http-and-https-rewriting\/","title":{"rendered":"envoy.yaml Beispiel f\u00fcr http und https Rewriting"},"content":{"rendered":"<p>This is an early example of working with envoy. I find the documentation to be difficult to get into, therefore I will try to track my progress by infrequent blog posts on the matter.<\/p>\n<p>The following envoy.yaml works for me for http and https rewriting to google:<\/p>\n<p><\/p>\n<p>static_resources:<br \/>&nbsp;&nbsp; listeners:<br \/>&nbsp;&nbsp; &#8211; address:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; socket_address:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; address: 0.0.0.0<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; port_value: 80<br \/>&nbsp;&nbsp;&nbsp;&nbsp; filter_chains:<br \/>&nbsp;&nbsp;&nbsp;&nbsp; &#8211; filters:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; name: envoy.http_connection_manager<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; config:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; codec_type: auto<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stat_prefix: ingress_http<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; route_config:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; name: local_route<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; virtual_hosts:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; name: local_service<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; domains: [&#8220;*&#8221;]<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; routes:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; match: { prefix: &#8220;\/&#8221; }<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; route: { host_rewrite: www.google.com, cluster: service_google }<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; http_filters:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; name: envoy.router<br \/>&nbsp;&nbsp; &#8211; address:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; socket_address:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; address: 0.0.0.0<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; port_value: 443<br \/>&nbsp;&nbsp;&nbsp;&nbsp; filter_chains:<br \/>&nbsp;&nbsp;&nbsp;&nbsp; &#8211; tls_context:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; common_tls_context:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; tls_certificates:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; certificate_chain: { filename: &#8220;\/etc\/example-com.crt&#8221; }<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; private_key: { filename: &#8220;\/etc\/example-com.key&#8221; }<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; filters:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; name: envoy.http_connection_manager<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; config:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; stat_prefix: ingress_https<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; route_config:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; virtual_hosts:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; name: default<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; domains: [&#8220;*&#8221;]<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; routes:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; match: { prefix: &#8220;\/&#8221; }<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; route: { host_rewrite: www.google.com, cluster: service_foo }<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; http_filters:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#8211; name: envoy.router<br \/>&nbsp;&nbsp; clusters:<br \/>&nbsp;&nbsp; &#8211; name: service_google<br \/>&nbsp;&nbsp;&nbsp;&nbsp; connect_timeout: 0.25s<br \/>&nbsp;&nbsp;&nbsp;&nbsp; type: LOGICAL_DNS<br \/>&nbsp;&nbsp;&nbsp;&nbsp; dns_lookup_family: V4_ONLY<br \/>&nbsp;&nbsp;&nbsp;&nbsp; lb_policy: round_robin<br \/>&nbsp;&nbsp;&nbsp;&nbsp; hosts: [{ socket_address: { address: google.com, port_value: 443 }}]<br \/>&nbsp;&nbsp;&nbsp;&nbsp; tls_context: { sni: www.google.com }<br \/>&nbsp;&nbsp; &#8211; name: service_foo<br \/>&nbsp;&nbsp;&nbsp;&nbsp; connect_timeout: 0.25s<br \/>&nbsp;&nbsp;&nbsp;&nbsp; type: LOGICAL_DNS<br \/>&nbsp;&nbsp;&nbsp;&nbsp; dns_lookup_family: V4_ONLY<br \/>&nbsp;&nbsp;&nbsp;&nbsp; lb_policy: round_robin<br \/>&nbsp;&nbsp;&nbsp;&nbsp; hosts: [{ socket_address: { address: google.com, port_value: 443 }}]<br \/>&nbsp;&nbsp;&nbsp;&nbsp; tls_context: { sni: www.google.com }<br \/>\nadmin:<br \/>&nbsp;&nbsp; access_log_path: &#8220;\/tmp\/envoy.log&#8221;<br \/>&nbsp;&nbsp; address:<br \/>&nbsp;&nbsp;&nbsp;&nbsp; socket_address:<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; address: 0.0.0.0<br \/>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; port_value: 9901<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dies ist ein fr\u00fches Beispiel f\u00fcr die Arbeit mit envoy. Ich finde die Dokumentation schwierig zu verstehen, daher werde ich versuchen, meinen Fortschritt durch unregelm\u00e4\u00dfige Blogbeitr\u00e4ge zu verfolgen. Die folgende envoy.yaml funktioniert bei mir f\u00fcr http und https Rewriting zu google: static_resources: listeners:   - address: socket_address: address: 0.0.0.0 port_value:...<\/p>","protected":false},"author":830,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"categories":[402],"tags":[481],"class_list":["post-6987","post","type-post","status-publish","format-standard","hentry","category-development","tag-envoy"],"_links":{"self":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts\/6987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/users\/830"}],"replies":[{"embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/comments?post=6987"}],"version-history":[{"count":2,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts\/6987\/revisions"}],"predecessor-version":[{"id":6989,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/posts\/6987\/revisions\/6989"}],"wp:attachment":[{"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/media?parent=6987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/categories?post=6987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pi3g.com\/de\/wp-json\/wp\/v2\/tags?post=6987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}