Newbie question: simple forward proxy with envoy
2,521 views
Skip to first unread message
aco...@redhat.com
Jun 19, 2018, 12:42:39 PM6/19/18
to envoy-dev
I want the simplest of simple forward proxies in envoy: a single HTTP listener that forwards everything to a single cluster. I can't figure out how to configure the wildcard routes for this, so far I've tried
route_config:
virtual_hosts:
- name: http_in
domains: ["*"]
routes:
- { match: { prefix: "/" }, route: { cluster: amqp_out } }
- { match: { prefix: "" }, route: { cluster: amqp_out } }
- { match: { prefix: "http" }, route: { cluster: amqp_out } }
- { match: { prefix: "http://" }, route: { cluster: amqp_out } }
- { match: { regex: "" }, route: { cluster: amqp_out } }
- { match: { regex: ".*" }, route: { cluster: amqp_out } }
What am I missing?
Stephan Zuercher
Jun 19, 2018, 3:41:56 PM6/19/18
to aco...@redhat.com, envoy-dev
prefix: "/" is correct -- something else must be wrong.
Try running envoy with "-l debug". You should see the downstream client's request headers and the request sent to the upstream (cluster) host (or some indication of why that request is not being forwarded).
--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+unsubscribe@googlegroups.com.
To post to this group, send email to envo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/c1eceb73-49d5-4e08-bf06-062693dd91d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
aco...@redhat.com
Jun 19, 2018, 5:59:01 PM6/19/18
to envoy-dev
On Tuesday, June 19, 2018 at 3:41:56 PM UTC-4, Stephan Zuercher wrote:
prefix: "/" is correct -- something else must be wrong.Try running envoy with "-l debug". You should see the downstream client's request headers and the request sent to the upstream (cluster) host (or some indication of why that request is not being forwarded).
There is no request sent upstream. It appears that envoy decides the request doesn't match anything and 404's directly, e.g. 'curl --proxy localhost:8000' (where envoy is listening)
[2018-06-19 17:48:43.432][30403][debug][http] external/envoy/source/common/http/conn_manager_impl.cc:452] [C0][S12142072624741879978] request headers complete (end_stream=true):
':authority', 'google.com'
'user-agent', 'curl/7.59.0'
'accept', '*/*'
'proxy-connection', 'Keep-Alive'
':path', 'http://google.com/'
':method', 'GET'
[2018-06-19 17:48:43.432][30403][debug][http] external/envoy/source/common/http/conn_manager_impl.cc:972] [C0][S12142072624741879978] encoding headers via codec (end_stream=true):
':status', '404'
'date', 'Tue, 19 Jun 2018 21:48:43 GMT'
'server', 'envoy'
I can reproduce the problem with a squid proxy running on port 3128 and envoy using the configuration below.
I see the following results:
curl localhost:8000/x - goes to the squid proxy, which sends back a complaint because there's no host in the URI - but it proves envoy can forward to the proxy.
curl --proxy localhost:8000 google.com - 404 directly back from envoycurl --proxy localhost:3128 google.com - expected 301 redirect from google.com
Thanks for any tips!
admin:
access_log_path: /tmp/env1_access.log
address:
socket_address: { address: 127.0.0.1, port_value: 9901 }
static_resources:
listeners:
- name: http_in
address:
socket_address: { address: 0.0.0.0, port_value: 8000 }
filter_chains:
filters:
- name: envoy.http_connection_manager
config:
stat_prefix: http_in
route_config:
virtual_hosts:
- name: http_in
domains: ["*"]
routes:
- match: { prefix: "/" }
route: { cluster: http_out }
http_filters:
- name: envoy.router
config: {}
clusters:
- name: http_out
connect_timeout: 0.25s
type: static
hosts: [{ socket_address: { address: 127.0.0.1, port_value: 3128 }}]
Stephan Zuercher
Jun 19, 2018, 8:06:53 PM6/19/18
to aco...@redhat.com, envoy-dev
Setting --proxy on curl causes it to send absolute URLs, which Envoy isn't matching.
http_protocol_options:
allow_absolute_url: true
That'll cause prefix: "/" to match, and the request to be forwarded. Envoy doesn't send the full URL along when it makes the request to the upstream squid, so it returns a 400.
Unfortunately, that's about the limit of knowledge on the matter. You might have more luck asking in the Envoy slack channel (see the README on github for invite URL and such).
--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+unsubscribe@googlegroups.com.
To post to this group, send email to envo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/d22ec397-e143-4b42-bc8c-f91b943396b5%40googlegroups.com.
Alan Conway
Jun 20, 2018, 2:11:19 PM6/20/18
to Stephan Zuercher, envoy-dev
Thanks, that makes sense. My current requirement is for a cool demo (look, I'm browsing the public internet over a routed AMQP network!) but I can do a less-cool one in the meantime, till I figure out the rest of it.
Matt Klein
Jun 25, 2018, 11:39:53 AM6/25/18
to Alan Conway, Stephan Zuercher, envoy-dev
This general issue is tracked here FYI: https://github.com/envoyproxy/envoy/issues/886
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+...@googlegroups.com.
To post to this group, send email to envo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/d22ec397-e143-4b42-bc8c-f91b943396b5%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+...@googlegroups.com.
To post to this group, send email to envo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/CAFcPDB9TTycMat%3DruezY-bVoq2P%3DqsOuLYsuEPvJa6%2BdU2B%2Bfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Alan Conway
Jun 28, 2018, 11:14:52 AM6/28/18
to Matt Klein, Stephan Zuercher, envoy-dev
Thanks - not important for me now, was just trying for a cool-but-not-practical demo of browsing the web via AMQP :)
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+unsubscribe@googlegroups.com.
To post to this group, send email to envo...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/d22ec397-e143-4b42-bc8c-f91b943396b5%40googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/CAFcPDB9TTycMat%3DruezY-bVoq2P%3DqsOuLYsuEPvJa6%2BdU2B%2Bfw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
shivendra panicker
Dec 14, 2022, 3:09:45 AM12/14/22
to envoy-dev
Thanks, works after allowing absolute url parsing.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+...@googlegroups.com.
To post to this group, send email to envo...@googlegroups.com.To view this discussion on the web visit https://groups.google.com/d/msgid/envoy-dev/d22ec397-e143-4b42-bc8c-f91b943396b5%40googlegroups.com.--
You received this message because you are subscribed to the Google Groups "envoy-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to envoy-dev+...@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages