envoy tcp proxy relay using ProxyProtocol

0_README.md

Working example using envoy ProxyProtocol, not HTTP CONNECT.

 +--------+         +-------+                   +-------+         +--------+
 | client +--(tcp)--+ envoy +--(ProxyProtocol)--+ envoy +--(tcp)--+ server |
 +--------+         +-------+                   +-------+         +--------+

See also envoy source configs/* files.

HTTP CONNECT version: https://gist.github.com/hkwi/6d439342b8914b5538ef189bca33fb6d

docker-compose.yaml

version: "3"
services:
  ping:
    image: debian
    command:
    - bash
    - -c
    - exec 3<>/dev/tcp/tcp2proxy/9000 && echo test >&3 && head -1 <&3
    depends_on:
    - tcp2proxy
  tcp2proxy:
    image: envoyproxy/envoy-dev
    ports:
    - "8080:9000"
    command: -c /etc/envoy/envoy.yaml -l debug
    volumes:
    - type: bind
      source: ./tcp2proxy.yaml
      target: /etc/envoy/envoy.yaml
    depends_on:
    - proxy2tcp
  proxy2tcp:
    image: envoyproxy/envoy-dev
    ports:
    - "8090:8080"
    command: -c /etc/envoy/envoy.yaml -l debug
    volumes:
    - type: bind
      source: ./proxy2tcp.yaml
      target: /etc/envoy/envoy.yaml
    depends_on:
    - echo
  echo:
    image: istio/tcp-echo-server:1.2
    ports:
    - "9000:9000"

proxy2tcp.yaml

static_resources:
  listeners:
  - name: proxy2echo
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 8080
    access_log:
    - name: envoy.access_loggers.stream
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StderrAccessLog
        log_format:
          text_format: "LOG DOWN=%DOWNSTREAM_REMOTE_ADDRESS% UP=%UPSTREAM_REMOTE_ADDRESS%\n"
    listener_filters:
    - name: envoy.filters.listener.proxy_protocol
    filter_chains:
    - filters:
      - name: envoy.filters.network.tcp_proxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: tcp_stats
          cluster: cluster_0
  clusters:
  - name: cluster_0
    type: strict_dns
    load_assignment:
      cluster_name: cluster_0
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: echo
                port_value: 9000

tcp2proxy.yaml

static_resources:
  listeners:
  - name: nc_alias
    address:
      socket_address:
        protocol: TCP
        address: 0.0.0.0
        port_value: 9000
    access_log:
    - name: envoy.access_loggers.stream
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.access_loggers.stream.v3.StderrAccessLog
        log_format:
          text_format: "LOG DOWN=%DOWNSTREAM_REMOTE_ADDRESS% UP=%UPSTREAM_REMOTE_ADDRESS%\n"
    filter_chains:
    - filters:
      - name: envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
          stat_prefix: tcp_stats
          cluster: cluster_0

  clusters:
  - name: cluster_0
    type: strict_dns
    transport_socket:
      name: envoy.transport_sockets.upstream_proxy_protocol
      typed_config:
        "@type": type.googleapis.com/envoy.extensions.transport_sockets.proxy_protocol.v3.ProxyProtocolUpstreamTransport
        transport_socket:
          name: envoy.transport_sockets.raw_buffer
    load_assignment:
      cluster_name: cluster_0
      endpoints:
      - lb_endpoints:
        - endpoint:
            address:
              socket_address:
                address: proxy2tcp
                port_value: 8080