search

envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0
25.11k stars 4.82k forks source link

Support dynamic host rewrite #16507

Open yu-sun-77 opened 3 years ago

yu-sun-77 commented 3 years ago

If you are reporting any crash or any potential security issue, do not open an issue in this repo. Please report the issue via emailing envoy-security@googlegroups.com where the issue will be triaged appropriately.

Description:

Describe the issue. We would like to use Envoy to do a dynamic host rewrite and route the request to different endpoint, What we want is:

  1. fetch part of request endpoint as env variable $var1
  2. fetch value of header "x-google-service-name" as $var2
  3. using customized logic to construct the endpoint: $var1.$var2.internal.google.com and route the request
  4. return the response form upstream cluster back to customer Example: We have a request customerId123.google.com from customer along with a header x-google-service-name="sampleService" and want to construct a new endpoint customerId123.sampleService.internal.google.com and route the request using Envoy.

I've walked through Envoy docs and found dynamic forward proxy and Lua filter might be helpful, but still wanna know how will Envoy support fetch value from host/header and dynamically define as a variable?

Any suggestion is appreciated. Thanks.

[optional Relevant Links:]

Any extra documentation required to understand the issue.https://github.com/envoyproxy/envoy/issues/8768

antoniovicente commented 3 years ago

cc @htuch @yanavlasov

I don't think there's a native way to do this, but seems like an useful enhancement.

htuch commented 3 years ago

I think building on dynamic forward proxy here makes sense; you essentially rewrite the host in some HTTP filter and rely on dynamic forward for the rest.

su225 commented 3 years ago

Hi. I would like to give a try. At first glance it seems like I have to enhance the host rewrite specifier API and add corresponding logic to handle it in HTTP dynamic forward proxy filter - https://github.com/envoyproxy/envoy/blob/747944b30b5556b07a5bffdea46fcea89404b9f4/api/envoy/extensions/filters/http/dynamic_forward_proxy/v3/dynamic_forward_proxy.proto#L37-L62

su225 commented 3 years ago

Sorry. Due to some reasons, I could not take this up for at least a month. Other priorities. So stepping back.

Shikugawa commented 3 years ago

@yu-sun-77 I understand the need for this feature, but I have one question. Why doesn't LuaPerRoute host rewriting work here? This may be achieved by the following steps.

  1. rewrite the host with per-route Lua Filter
  2. use Dynamic Forward Proxy filter to perform DNS lookup only, not host rewriting.
palashhedau commented 2 years ago

@Shikugawa Can you provide an example with lua filter?

My use case is that I will receive tcp traffic on my envoy which was resulted as a part of iptable redirect. the original request was meant for 10.10.10.10:9300, the iptable redirect it to envoy and envoy is supposed to forward the request to 10.10.10.10:9393. Basically changing the upstream port. is it possible?

redbaron commented 2 years ago

Allowing metadata expressions in host_rewrite_literal (or new host_rewrite_value) in combination with header_to_metadata should make it work, right?

@Shikugawa , doesn't Lua require buffering of whole request before it can rewrite request headers?