How to configure Envoy as forward proxy to intercept all Egress traffic

[Kesiena Owho-Ovuakporie]

Hi everyone,

Is it possible to configure envoy to intercept all egress (i.e., outbound) traffic form a host and redirect them to appropriate upstreams?

My use case is that I'd like to install Envoy on a host and make it responsible for all Egress traffic of all applications on that host without having to modify the application code to forward their traffic to Envoy's listening port.

Is this something Envoy can help with and does anyone have any example of how to configure this?

[Harvey Tuch]

Typically this is done with iptables and original_dst routing, you might want to take a look at what Istio does here, this is the canonical example of how to make this work.

--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+...@googlegroups.com.
To post to this group, send email to envo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/71485e4d-862c-4530-acf5-232b9e080c21%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Kesiena Owho-Ovuakporie]

Thanks!

[ravi]

Hello Harvey,

wanted to configure envoy to intercept all egress (i.e., outbound) traffic form a host and redirect them to appropriate upstreams.

something like this, unfortunately the below configuration is not working.

https://github.com/vadimeisenbergibm/envoy-generic-forward-proxy

>curl --proxy http://<envoyhost:port>  http://httpbin.org

wanted to use envoy as http/s forward proxy.

any configuration/direction is appreciated?,thanks.

-ravi 

On Friday, February 22, 2019 at 3:40:24 AM UTC+5:30, Harvey Tuch wrote:

Typically this is done with iptables and original_dst routing, you might want to take a look at what Istio does here, this is the canonical example of how to make this work.

On Thu, Feb 21, 2019 at 4:21 PM Kesiena Owho-Ovuakporie <kesie...@gmail.com> wrote:

Hi everyone,

Is it possible to configure envoy to intercept all egress (i.e., outbound) traffic form a host and redirect them to appropriate upstreams?

My use case is that I'd like to install Envoy on a host and make it responsible for all Egress traffic of all applications on that host without having to modify the application code to forward their traffic to Envoy's listening port.

Is this something Envoy can help with and does anyone have any example of how to configure this?

--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to envo...@googlegroups.com.