-
-
Save cortex93/6d7cd9738b077d0447ab891cbacd0d5e to your computer and use it in GitHub Desktop.
| admin: | |
| access_log_path: "/dev/stdout" | |
| address: | |
| socket_address: | |
| protocol: TCP | |
| address: 127.0.0.1 | |
| port_value: 7779 | |
| static_resources: | |
| listeners: | |
| - name: main_listener | |
| address: | |
| socket_address: | |
| address: 0.0.0.0 | |
| port_value: 80 | |
| filter_chains: | |
| - filters: | |
| - name: envoy.filters.network.http_connection_manager | |
| typed_config: | |
| "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager | |
| codec_type: auto | |
| stat_prefix: ingress_http | |
| route_config: | |
| name: local_route | |
| virtual_hosts: | |
| - name: app | |
| domains: | |
| - "*" | |
| routes: | |
| - match: | |
| prefix: "/" | |
| route: | |
| host_rewrite_literal: edition.cnn.com | |
| cluster: "loopback_cluster" | |
| http_filters: | |
| - name: envoy.filters.http.router | |
| typed_config: | |
| "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router | |
| - name: api_proxy_listener | |
| address: | |
| pipe: | |
| path: "@/cluster_0" | |
| filter_chains: | |
| - filters: | |
| - name: tcp | |
| typed_config: | |
| "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy | |
| stat_prefix: tcp_stats | |
| cluster: "proxy_cluster" | |
| tunneling_config: | |
| hostname: edition.cnn.com:443 | |
| headers_to_add: | |
| - header: | |
| key: Proxy-Authorization | |
| value: Basic dXNlcjpwYXNzd29yZA== # replace with your credentials | |
| append: false | |
| clusters: | |
| - name: proxy_cluster | |
| connect_timeout: 0.25s | |
| type: strict_dns | |
| lb_policy: round_robin | |
| load_assignment: | |
| cluster_name: proxy_cluster | |
| endpoints: | |
| - lb_endpoints: | |
| - endpoint: | |
| address: | |
| socket_address: | |
| address: host.docker.internal # simulate a corporate proxy | |
| port_value: 8888 | |
| - name: loopback_cluster | |
| connect_timeout: 5s | |
| upstream_connection_options: | |
| tcp_keepalive: {} | |
| type: STATIC | |
| load_assignment: | |
| cluster_name: loopback_cluster | |
| endpoints: | |
| - lb_endpoints: | |
| - endpoint: | |
| address: | |
| pipe: | |
| path: "@/cluster_0" | |
| transport_socket: | |
| name: envoy.transport_sockets.tls | |
| typed_config: | |
| "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext | |
| sni: edition.cnn.com | |
Looking at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization probably you need to add the type? Most likely it's something like: "Basic YTpi"
headers_to_add:
- header:
key: Proxy-Authorization
value: "Basic YTpi"
Looking at: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Proxy-Authorization probably you need to add the type? Most likely it's something like: "Basic YTpi"
headers_to_add: - header: key: Proxy-Authorization value: "Basic YTpi"
That's right. Fixed with "user:password" as credentials.
I tried with "Basic YTpi" and got the error like this "Bad characters in authorization header 'Basic YTpi". And I have another question, is it possible to have a dynamic hostname?
I tried with "Basic YTpi" and got the error like this "Bad characters in authorization header 'Basic YTpi". And I have another question, is it possible to have a dynamic hostname?
You should check your upstream proxy for what authentication type it support.
For dynamic hostname, I don't know.
I tried with "Basic YTpi" and got the error like this "Bad characters in authorization header 'Basic YTpi". And I have another question, is it possible to have a dynamic hostname?
@rocky0001 did you manage to have a dynamic hostname solution ?
no.
live example with squid as L2 TLS proxy at https://github.com/scrocquesel/envoy_examples/tree/main/tls_origination_via_tls_l2_proxy
Thanks to envoyproxy/envoy#19612, the sample now allows for dynamic hostname solution. Setting domain matcher to "*" will let envoy proxy any destination to the L2 proxy.
what was the value of the Proxy-Authorization? I got the following error with Squid proxy. "Unsupported or unconfigured/inactive proxy-auth scheme" and "Bad characters in authorization header 'Basic ****". Thanks.