
@hkwi
Last active March 2, 2022 01:37
envoy tcp proxy relay using HTTP CONNECT

A working example that relays TCP through Envoy using HTTP CONNECT tunneling, not the PROXY protocol.

 +--------+         +-------+                  +-------+         +--------+
 | client +--(tcp)--+ envoy +--(HTTP CONNECT)--+ envoy +--(tcp)--+ server |
 +--------+         +-------+                  +-------+         +--------+

See also the configs/* files in the Envoy source tree.

# Compose file for the relay demo:
#   ping -> tcp2proxy (Envoy) -> proxy2tcp (Envoy) -> echo
# NOTE(review): the long-form `volumes` entries below need Compose file
# format 3.2 or later under legacy docker-compose v1 -- confirm against the
# Compose version in use.
version: "3"
services:
  # One-shot client: opens a TCP connection to tcp2proxy:9000 through bash's
  # /dev/tcp, sends "test" and prints the first line that comes back.
  ping:
    image: debian
    command:
      - bash
      - -c
      - exec 3<>/dev/tcp/tcp2proxy/9000 && echo test >&3 && head -1 <&3
    # depends_on only orders container start; it does not wait for Envoy to
    # be listening, so the first attempt can fail while the proxies start.
    depends_on:
      - tcp2proxy
  # Entry hop: accepts plain TCP and tunnels it upstream with HTTP CONNECT.
  tcp2proxy:
    # NOTE(review): envoy-dev carries no tag here, so each pull can bring a
    # different development build; pin a tag or digest for a reproducible setup.
    image: envoyproxy/envoy-dev
    ports:
      # Publishes the relay entry point (container port 9000) on host port
      # 8080 on every host interface. A host-IP prefix such as
      # "127.0.0.1:8080:9000" keeps it reachable from the local machine only.
      - "8080:9000"
    # -l debug gives verbose logs for the demo; lower it outside of debugging.
    command: -c /etc/envoy/envoy.yaml -l debug
    volumes:
      - type: bind
        source: ./tcp2proxy.yaml
        target: /etc/envoy/envoy.yaml
    depends_on:
      - proxy2tcp
  # Exit hop: terminates the CONNECT request and opens the TCP connection.
  proxy2tcp:
    image: envoyproxy/envoy-dev
    ports:
      # Publishes the CONNECT proxy listener (container port 8080) on host
      # port 8090 on every host interface.
      # NOTE(review): the Envoy configs on this page put no authentication on
      # that listener, so anything that can reach host port 8090 can request
      # a tunnel. tcp2proxy reaches it over the compose network, so this
      # mapping is only needed for testing from the host.
      - "8090:8080"
    command: -c /etc/envoy/envoy.yaml -l debug
    volumes:
      - type: bind
        source: ./proxy2tcp.yaml
        target: /etc/envoy/envoy.yaml
    depends_on:
      - echo
  # Final destination of the relayed connection.
  echo:
    image: istio/tcp-echo-server:1.2
    ports:
      # Also publishes the echo server directly on host port 9000, which
      # bypasses both proxies.
      - "9000:9000"
# Envoy bootstrap that terminates HTTP CONNECT and forwards to whatever
# host:port the client names, using the dynamic forward proxy.
# NOTE(review): this appears to be an alternative config for the proxy2tcp
# service; the file name is not visible on the page.
static_resources:
  listeners:
    - name: proxy2echo
      address:
        socket_address:
          protocol: TCP
          # Binds on all interfaces of the container.
          address: 0.0.0.0
          port_value: 8080
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                http_filters:
                  # Resolves the requested host through the DNS cache named
                  # below; the cluster at the bottom refers to the same cache
                  # name.
                  - name: envoy.filters.http.dynamic_forward_proxy
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.FilterConfig
                      dns_cache_config:
                        name: dynamic_forward_proxy_cache_config
                  - name: envoy.filters.http.router
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
                # Allows CONNECT on HTTP/2 downstream connections.
                http2_protocol_options:
                  allow_connect: true
                # Enables CONNECT handling on this connection manager.
                upgrade_configs:
                  - upgrade_type: CONNECT
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: local_service
                      # NOTE(review): "*" accepts any CONNECT authority, and
                      # the dynamic forward proxy cluster then connects to
                      # it. Nothing in this file restricts destinations or
                      # authenticates clients, so any client that reaches
                      # this listener can tunnel to any address this Envoy
                      # can resolve and reach, including internal ones. List
                      # only the expected authorities here (the static
                      # variant in this gist uses "echo:9000") and keep the
                      # listener off untrusted networks.
                      domains: ["*"]
                      routes:
                        # https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/upgrades#connect-support
                        - match:
                            # Matches CONNECT requests only.
                            connect_matcher: {}
                          route:
                            upgrade_configs:
                              - upgrade_type: CONNECT
                                # Presence of connect_config makes Envoy
                                # terminate the CONNECT and send the payload
                                # upstream as raw TCP.
                                connect_config: {}
                            cluster: dynamic_forward_proxy_cluster
                          # Left disabled by the author; presumably pins the
                          # upstream to echo:9000 whatever the client asks
                          # for -- confirm before relying on it.
                          # typed_per_filter_config:
                          #   envoy.filters.http.dynamic_forward_proxy:
                          #     "@type": type.googleapis.com/envoy.extensions.filters.http.dynamic_forward_proxy.v3.PerRouteConfig
                          #     host_rewrite_literal: echo:9000
  clusters:
    - name: dynamic_forward_proxy_cluster
      lb_policy: CLUSTER_PROVIDED
      cluster_type:
        name: envoy.clusters.dynamic_forward_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig
          # Same cache name as in the http filter above.
          dns_cache_config:
            name: dynamic_forward_proxy_cache_config
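# Envoy bootstrap for the exit hop: terminates HTTP CONNECT for the single
# authority "echo:9000" and forwards the payload as raw TCP to the echo
# service.
# NOTE(review): presumably the ./proxy2tcp.yaml mounted by the compose file;
# the file name is not visible on the page.
static_resources:
  listeners:
    - name: proxy2echo
      address:
        socket_address:
          protocol: TCP
          # Binds on all interfaces of the container. The listener is
          # plaintext and unauthenticated, so reachability is the only
          # access control in this example.
          address: 0.0.0.0
          port_value: 8080
      filter_chains:
        - filters:
            - name: envoy.filters.network.http_connection_manager
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
                stat_prefix: ingress_http
                http_filters:
                  - name: envoy.filters.http.router
                    # Recent Envoy builds resolve filters by the typed_config
                    # type URL rather than by name, and reject an http filter
                    # that has no typed_config. The image in the compose file
                    # is the unpinned envoy-dev, so state the type explicitly.
                    typed_config:
                      "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
                # Allows CONNECT on HTTP/2 downstream connections.
                http2_protocol_options:
                  allow_connect: true
                # Enables CONNECT handling on this connection manager.
                upgrade_configs:
                  - upgrade_type: CONNECT
                route_config:
                  name: local_route
                  virtual_hosts:
                    - name: local_service
                      # Envoy matches the CONNECT target (host:port) against
                      # `domains`, so only requests for echo:9000 are routed.
                      # Keeping this list narrow is what stops the listener
                      # from acting as a general-purpose forward proxy.
                      domains: ["echo:9000"]
                      routes:
                        - match:
                            # Matches CONNECT requests only.
                            connect_matcher: {}
                          route:
                            upgrade_configs:
                              - upgrade_type: CONNECT
                                # Presence of connect_config makes Envoy
                                # terminate the CONNECT and send the payload
                                # upstream as raw TCP.
                                connect_config: {}
                            cluster: cluster_0
  clusters:
    # Fixed upstream: the echo service on port 9000.
    - name: cluster_0
      type: strict_dns
      load_assignment:
        cluster_name: cluster_0
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: echo
                      port_value: 9000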
# Envoy bootstrap for the entry hop: accepts plain TCP on port 9000 and
# tunnels it to the upstream proxy with HTTP CONNECT.
# NOTE(review): presumably the ./tcp2proxy.yaml mounted by the compose file;
# the file name is not visible on the page.
static_resources:
  listeners:
    - name: nc_alias
      address:
        socket_address:
          protocol: TCP
          # Binds on all interfaces of the container.
          address: 0.0.0.0
          port_value: 9000
      filter_chains:
        - filters:
            # NOTE(review): the name is not the usual short filter name;
            # the filter is presumably selected by the "@type" below.
            - name: envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
                stat_prefix: tcp_stats
                cluster: cluster_0
                # Wraps the TCP payload in a CONNECT request whose target is
                # echo:9000. The value is fixed here, so clients of this
                # listener cannot choose the destination.
                tunneling_config:
                  hostname: echo:9000
  clusters:
    - name: cluster_0
      typed_extension_protocol_options:
        envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
          "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
          explicit_http_config:
            # The author notes that the upstream appears to default to
            # HTTP/1.1; it is selected explicitly here. The commented-out
            # line is the HTTP/2 alternative.
            http_protocol_options: {}
            # http2_protocol_options: {}
      type: strict_dns
      # Upstream is the second Envoy (proxy2tcp) on port 8080.
      # NOTE(review): no transport_socket is configured, so the CONNECT hop
      # between the two Envoys is plaintext and unauthenticated; add TLS
      # between the proxies before using this outside a private network.
      load_assignment:
        cluster_name: cluster_0
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: proxy2tcp
                      port_value: 8080