doc: example envoy config

[coolaj86]

This is a corrected envoy config with port numbers and addresses matching the other config files, and that allows tls to be handled by a proper Let's Encrypt-enabled reverse proxy (i.e. Caddy, Traefik).

It also has some private network addresses (since I'm running core on a different container), but those could be replaced with 127.0.0.1 where core and evo are running in the same container / vm / network node.

!ignore filters: &filters
  - name: envoy.http_connection_manager
    typed_config:
      "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
      stat_prefix: ingress_http
      codec_type: auto
      access_log:
        - name: envoy.access_loggers.file
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog
            path: /dev/stdout
            log_format:
              json_format:
                timestamp: "%START_TIME%"
                client: "%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%"
                protocol: "%PROTOCOL%"
                method: "%REQ(:METHOD)%"
                uri: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
                upstream: "%UPSTREAM_HOST%"
                "http-status": "%RESPONSE_CODE%"
                "grpc-status": "%GRPC_STATUS%"
                "rx-bytes": "%BYTES_RECEIVED%"
                "tx-bytes": "%BYTES_SENT%"
                "response-flags": "%RESPONSE_FLAGS%"
                duration: "%DURATION%"
                authority: "%REQ(:AUTHORITY)%"
      http_filters:
        - name: envoy.filters.http.local_ratelimit
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
            stat_prefix: http_local_rate_limiter
            # see documentation https://www.envoyproxy.io/docs/envoy/latest/api-v3/type/v3/token_bucket.proto#envoy-v3-api-msg-type-v3-tokenbucket
            token_bucket:
              max_tokens: 300
              tokens_per_fill: 150
              fill_interval: 60s
            filter_enabled:
              runtime_key: local_rate_limit_enabled
              default_value:
                numerator: 100
                denominator: HUNDRED
            filter_enforced:
              runtime_key: local_rate_limit_enforced
              default_value:
                numerator: 100
                denominator: HUNDRED
            response_headers_to_add:
              - append: false
                header:
                  key: x-local-rate-limit
                  value: "true"
        - name: envoy.filters.http.grpc_web
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
        - name: envoy.filters.http.cors
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
        - name: envoy.filters.http.router
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
      route_config:
        name: local_route
        virtual_hosts:
          - name: dapi_services
            domains: ["*"]
            routes:
              # tx subscription streaming endpoint configuration
              - match:
                  prefix: "/org.dash.platform.dapi.v0.Core/subscribeToTransactionsWithProofs"
                route:
                  cluster: tx_filter_stream
                  timeout: 660s
                  max_stream_duration:
                    grpc_timeout_header_max: 600s
              # block headers subscription streaming endpoint
              - match:
                  prefix: "/org.dash.platform.dapi.v0.Core/subscribeToBlockHeadersWithChainLocks"
                route:
                  cluster: tx_filter_stream
                  timeout: 660s
                  max_stream_duration:
                    grpc_timeout_header_max: 600s
              # set timeout for waitForStateTransitionResult
              - match:
                  prefix: "/org.dash.platform.dapi.v0.Platform/waitForStateTransitionResult"
                route:
                  cluster: core_and_platform
                  timeout: 80s
              # core unary endpoints
              - match:
                  prefix: "/org.dash.platform.dapi.v0.Core"
                route:
                  cluster: core_and_platform
                  timeout: 15s
              # platform unary endpoints
              - match:
                  prefix: "/org.dash.platform.dapi.v0.Platform"
                route:
                  cluster: core_and_platform
                  timeout: 15s
              # configuration of the static responses of unsupported api versions
              # core static response
              - match:
                  safe_regex:
                    google_re2: {}
                    regex: "\/org\\.dash\\.platform\\.dapi\\.v[1-9]+\\.Core"
                response_headers_to_add:
                  - header:
                      key: "Content-Type"
                      value: "application/grpc-web+proto"
                  - header:
                      key: "grpc-status"
                      value: "12"
                  - header:
                      key: "grpc-message"
                      value: "Specified service version is not supported"
                direct_response:
                  status: 204
              # platform static response
              - match:
                  safe_regex:
                    google_re2: {}
                    regex: "\/org\\.dash\\.platform\\.dapi\\.v[1-9]+\\.Platform"
                response_headers_to_add:
                  - header:
                      key: "Content-Type"
                      value: "application/grpc-web+proto"
                  - header:
                      key: "grpc-status"
                      value: "12"
                  - header:
                      key: "grpc-message"
                      value: "Specified service version is not supported"
                direct_response:
                  status: 204
              # JSON RPC endpoints
              - match:
                  path: "/"
                route:
                  cluster: json_rpc
            cors:
              allow_origin_string_match:
                - prefix: "*"
              allow_methods: GET, PUT, DELETE, POST, OPTIONS
              allow_headers: keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,custom-header-1,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout
              max_age: "1728000"
              expose_headers: custom-header-1,grpc-status,grpc-message

static_resources:
  listeners:
    - name: grpc_and_json_rpc
      address:
        socket_address:
          address: 10.11.5.111
          #port_value: 10000
          port_value: 3080
      filter_chains:
        - filters: *filters
  clusters:
    - name: core_and_platform
      connect_timeout: 5s
      type: logical_dns
      lb_policy: round_robin
      typed_extension_protocol_options:
        envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
          "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
          explicit_http_config:
            http2_protocol_options:
              connection_keepalive:
                interval: 30s
                timeout: 5s
      load_assignment:
        cluster_name: core_and_platform
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      #address: dapi_api
                      port_value: 2501
    - name: tx_filter_stream
      connect_timeout: 5s
      type: logical_dns
      lb_policy: round_robin
      typed_extension_protocol_options:
        envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
          "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
          explicit_http_config:
            http2_protocol_options:
              connection_keepalive:
                interval: 30s
                timeout: 5s
      load_assignment:
        cluster_name: tx_filter_stream
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      #address: dapi_tx_filter_stream
                      port_value: 2510
    - name: json_rpc
      connect_timeout: 5s
      type: logical_dns
      lb_policy: round_robin
      load_assignment:
        cluster_name: json_rpc
        endpoints:
          - lb_endpoints:
              - endpoint:
                  address:
                    socket_address:
                      address: 127.0.0.1
                      #address: dapi_api
                      port_value: 2501

admin:
  address:
    socket_address:
      address: 10.11.5.111
      port_value: 8081

See Also

• https://github.com/dashpay/platform/blob/v1.0-dev/packages/dapi/.env.example \ dapi-api sample config
• https://gist.githubusercontent.com/strophy/2716c203d88e77419152f6392623b844/raw/ce7aa360b544621c22587a09e0cf7190fd4a202e/envoy.yaml \ dash.org envoy sample config
• https://github.com/dashpay/platform/blob/dc03275a397e8037636c0b574550afc8091e63a2/packages/dashmate/templates/platform/dapi/envoy/envoy.yaml.dot \ platform envoy sample config

[shumkov]

@coolaj86 Hello! What are you proposing in this issue?