envoy dynamic forward proxy 구성하기 위한 config.yaml
admin:
access_log_path: /tmp/admin_access.log
address:
socket_address:
protocol: TCP
address: 127.0.0.1
port_value: 9901
static_resources:
listeners:
- name: listener_0
address:
socket_address:
protocol: TCP
address: 0.0.0.0
port_value: 10000
filter_chains:
- filters:
- name: envoy.filters.network.http_connection_manager
typed_config:
"@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
stat_prefix: ingress_http
route_config:
name: local_route
virtual_hosts:
- name: local_service
domains: ["*"]
routes:
- match:
prefix: "/force-host-rewrite"
route:
cluster: dynamic_forward_proxy_cluster
per_filter_config:
envoy.filters.http.dynamic_forward_proxy:
host_rewrite: www.example.org
- match:
prefix: "/"
route:
cluster: dynamic_forward_proxy_cluster
http_filters:
- name: envoy.filters.http.dynamic_forward_proxy
typed_config:
"@type": type.googleapis.com/envoy.config.filter.http.dynamic_forward_proxy.v2alpha.FilterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
- name: envoy.filters.http.router
clusters:
- name: dynamic_forward_proxy_cluster
connect_timeout: 1s
lb_policy: CLUSTER_PROVIDED
cluster_type:
name: envoy.clusters.dynamic_forward_proxy
typed_config:
"@type": type.googleapis.com/envoy.config.cluster.dynamic_forward_proxy.v2alpha.ClusterConfig
dns_cache_config:
name: dynamic_forward_proxy_cache_config
dns_lookup_family: V4_ONLY
transport_socket:
name: envoy.transport_sockets.tls
typed_config:
"@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
common_tls_context:
validation_context:
trusted_ca: {filename: /etc/ssl/certs/ca-certificates.crt}
- admin:
- access_log_path: /tmp/admin_access.log
- address:
- socket_address:
- protocol: TCP
- address: 127.0.0.1
- port_value: 9901
- static_resources:
- listeners:
- - name: listener_0
- address:
- socket_address:
- protocol: TCP
- address: 0.0.0.0
- port_value: 10000
- filter_chains:
- - filters:
- - name: envoy.http_connection_manager
- typed_config:
- "@type": type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager
- stat_prefix: ingress_http
- route_config:
- name: local_route
- virtual_hosts:
- - name: local_service
- domains: ["*"]
- routes:
- - match:
- prefix: "/force-host-rewrite"
- route:
- cluster: dynamic_forward_proxy_cluster
- per_filter_config:
- envoy.filters.http.dynamic_forward_proxy:
- host_rewrite: www.example.org
- - match:
- prefix: "/"
- route:
- cluster: dynamic_forward_proxy_cluster
- http_filters:
- - name: envoy.filters.http.dynamic_forward_proxy
- config:
- dns_cache_config:
- name: dynamic_forward_proxy_cache_config
- dns_lookup_family: V4_ONLY
- - name: envoy.router
- clusters:
- - name: dynamic_forward_proxy_cluster
- connect_timeout: 1s
- lb_policy: CLUSTER_PROVIDED
- cluster_type:
- name: envoy.clusters.dynamic_forward_proxy
- typed_config:
- "@type": type.googleapis.com/envoy.config.cluster.dynamic_forward_proxy.v2alpha.ClusterConfig
- dns_cache_config:
- name: dynamic_forward_proxy_cache_config
- dns_lookup_family: V4_ONLY
- transport_socket:
- name: envoy.transport_sockets.tls
- typed_config:
- "@type": type.googleapis.com/envoy.api.v2.auth.UpstreamTlsContext
- common_tls_context:
- validation_context:
- trusted_ca: {filename: /etc/ssl/certs/ca-certificates.crt}